ГлавнаяУязвимости → CVE-2026-34486
7.5высокая

CVE-2026-34486

Описание

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.

Затрагиваемое ПО
Apache Tomcat
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://lists.apache.org/thread/9510k5p5zdvt9pkkgtyp85mvwxo2qrlyhttps://www.vicarius.io/vsociety/posts/cve-2026-34486-detection-script-rce-on-apache-tomcathttps://www.vicarius.io/vsociety/posts/cve-2026-34486-mitigation-script-rce-on-apache-tomcathttps://access.redhat.com/errata/RHSA-2026:36787https://access.redhat.com/errata/RHSA-2026:36788https://access.redhat.com/errata/RHSA-2026:36789https://access.redhat.com/errata/RHSA-2026:36790https://access.redhat.com/errata/RHSA-2026:36876