CVE-2026-29129

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.16 through 11.0.18 Apache Tomcat versions 10.1.51 through 10.1.52 Apache Tomcat versions 9.0.114 through 9.0.115

Description An issue exists in Apache Tomcat where the configured cipher preference order is not preserved. Upgrade to version 11.0.20, 10.1.53, or 9.0.116 to resolve this issue.

Recommendations Upgrade to Apache Tomcat version 11.0.20 Upgrade to Apache Tomcat version 10.1.53 Upgrade to Apache Tomcat version 9.0.116

Fix

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327

Related Identifiers

BIT-TOMCAT-2026-29129

CVE-2026-29129

GHSA-69CC-CV78-QC8G

MGASA-2026-0095

OESA-2026-1970

OPENSUSE-SU-2026:10547-1

OPENSUSE-SU-2026:10548-1

OPENSUSE-SU-2026:10549-1

OPENSUSE-SU-2026:20595-1

OPENSUSE-SU-2026:20611-1

OPENSUSE-SU-2026:20612-1

SUSE-SU-2026:1558-1

SUSE-SU-2026:1572-1

SUSE-SU-2026:1603-1

SUSE-SU-2026:1604-1

Affected Products

Apache Tomcat

CVE-2026-29129

Weakness Enumeration

Related Identifiers

Affected Products

References · 80