CVE-2026-34486
HIGH
7,5
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Description
AI Translation Available
Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor.
This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116.
Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0001
Percentile
0,0th
Updated
EPSS Score Trend (Last 7 Days)
311
Missing Encryption of Sensitive Data
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Integrity
Potential Impacts:
Read Application Data
Modify Application Data
Applicable Platforms
All platforms may be affected
Application
Tomcat by Apache
CPE Identifier
View Detailed Analysis
cpe:2.3:a:apache:tomcat:10.1.53:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Tomcat by Apache
CPE Identifier
View Detailed Analysis
cpe:2.3:a:apache:tomcat:11.0.20:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application
Tomcat by Apache
CPE Identifier
View Detailed Analysis
cpe:2.3:a:apache:tomcat:9.0.116:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://lists.apache.org/thread/9510k5p5zdvt9pkkgtyp85mvwxo2qrly