- 110/2026
- Critical
Apache Tomcat has released a security update to address several vulnerabilities affecting Apache Tomcat.
The addressed vulnerabilities could allow the attacker to bypass security restrictions, perform request smuggling attacks, obtain sensitive information from server logs, or redirect victims to attacker-controlled sites to perform phishing or other social engineering attacks.
Sample of the addressed vulnerabilities:
1. Apache Tomcat OSCP Checks Authentication Bypass Vulnerability (CVE-2026-29145):
- CVSS: 9.1
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. Apache Tomcat Kubernetes Bearer Tokens Exposure Vulnerability (CVE-2026-34487):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
Vulnerabilities
- CVE-2026-24734
- CVE-2026-24880
- CVE-2026-25854
- CVE-2026-29129
- CVE-2026-29145
- CVE-2026-29146
- CVE-2026-32990
- CVE-2026-34483
- CVE-2026-34486
- CVE-2026-34487
- CVE-2026-34500
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.