Zurück zur CVE-Übersicht
CVE-2026-34486
HIGH(7.5)CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Risk Signal Score25/100 — MITTEL
- CVSS 7.5 — Hoch
EPSS-Score
22%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
7.5
Technische Schwere
Beschreibung
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.
GitHub Advisories
GHSA-69r9-qgr7-g2wjHIGH
Apache Tomcat Missing Encryption of Sensitive Data vulnerability
maven/org.apache.tomcat:tomcat→ 11.0.21
GitHub AdvisoryReferenzen
- https://lists.apache.org/thread/9510k5p5zdvt9pkkgtyp85mvwxo2qrly
- https://www.vicarius.io/vsociety/posts/cve-2026-34486-detection-script-rce-on-ap...
- https://www.vicarius.io/vsociety/posts/cve-2026-34486-mitigation-script-rce-on-a...
- https://access.redhat.com/errata/RHSA-2026:36787
- https://access.redhat.com/errata/RHSA-2026:36788
- https://access.redhat.com/errata/RHSA-2026:36789
- https://access.redhat.com/errata/RHSA-2026:36790
- https://access.redhat.com/errata/RHSA-2026:36876
- https://access.redhat.com/errata/RHSA-2026:36877
- https://access.redhat.com/errata/RHSA-2026:36878