PT-2026-31711 · Apache+2 · Apache Tomcat+2

Bartlomiej Dmitruk · Published 2026-04-02 · Updated 2026-05-22 · CVE-2026-34483

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 11.0.0-M1 through 11.0.20, 10.1.0-M1 through 10.1.53, and 9.0.40 through 9.0.116

Description

A flaw exists within the JsonAccessLogValve component of Apache Tomcat related to improper encoding or escaping of output.

Recommendations

Upgrade to version 11.0.21
Upgrade to version 10.1.54
Upgrade to version 9.0.117

Fix

Weakness Enumeration

Improper Encoding or Escaping of Output

Related Identifiers

BDU:2026-07145
BIT-TOMCAT-2026-34483
CLEANSTART-2026-IS05941
CVE-2026-34483
GHSA-RV64-5GF8-9QQ8
MGASA-2026-0095
OESA-2026-1970
OPENSUSE-SU-2026:10547-1
OPENSUSE-SU-2026:10548-1
OPENSUSE-SU-2026:10549-1
OPENSUSE-SU-2026:20595-1
OPENSUSE-SU-2026:20611-1
OPENSUSE-SU-2026:20612-1
SUSE-SU-2026:1558-1
SUSE-SU-2026:1572-1
SUSE-SU-2026:1603-1
SUSE-SU-2026:1604-1

Affected Products

Apache Tomcat
Confluence
Red Os