CVE-2026-50229

UNKNOWN 0.0

Apache Tomcat: XSS in number guess example

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Other versions that have reached end of support may also be affected. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue.

CWE	CWE-80
Vendor	apache software foundation
Product	apache tomcat
Published	Jun 29, 2026
Last Updated	Jun 29, 2026

Stay Ahead of the Next One

Get instant alerts for apache software foundation apache tomcat

Be the first to know when new unknown vulnerabilities affecting apache software foundation apache tomcat are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Apache Software Foundation / Apache Tomcat

11.0.0-M1 ≤ 11.0.22 10.1.0-M1 ≤ 10.1.55 9.0.0.M1 ≤ 9.0.118 8.5.0 ≤ 8.5.100 7.0.0 ≤ 7.0.109

References

NVD ↗ CVE.org ↗ EPSS Data ↗

lists.apache.org: https://lists.apache.org/thread/wlt2no8bw45zl1w8byop4zfqphldf5j0

Credits

Erichen, Institute of Computing Technology, Chinese Academy of Sciences Yashar Shahinzadeh Amirmohammad Safari