🔐 CVE Alert

CVE-2026-34486

HIGH 7.5

Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor

CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
1th

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.

CWE CWE-311
Vendor apache software foundation
Product apache tomcat
Published Apr 9, 2026
Last Updated Apr 10, 2026
Stay Ahead of the Next One

Get instant alerts for apache software foundation apache tomcat

Be the first to know when new high vulnerabilities affecting apache software foundation apache tomcat are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Apache Software Foundation / Apache Tomcat
11.0.20 10.1.53 9.0.116

References

NVD ↗ CVE.org ↗ EPSS Data ↗
lists.apache.org: https://lists.apache.org/thread/9510k5p5zdvt9pkkgtyp85mvwxo2qrly

Credits

Bartlomiej Dmitruk at striga.ai