PT-2026-31712 · Apache · Apache Tomcat
Bartlomiej Dmitruk
·
Published
2026-04-02
·
Updated
2026-07-08
·
CVE-2026-34486
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apache Tomcat version 11.0.20
Apache Tomcat version 10.1.53
Apache Tomcat version 9.0.116
Description
A flaw exists where the
EncryptInterceptor, a component designed to ensure data encryption, can be bypassed. This issue was introduced as a result of a fix for a previous vulnerability. The bypass allows sensitive data to remain unencrypted, which may enable a remote attacker to gain unauthorized access to protected information and lead to information disclosure.Recommendations
Update version 11.0.20 to 11.0.21
Update version 10.1.53 to 10.1.54
Update version 9.0.116 to 9.0.117
Exploit
Fix
RCE
Missing Encryption of Sensitive Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apache Tomcat