PT-2026-31712 · Apache · Apache Tomcat

Published 2026-04-09 · Updated 2026-04-14 · CVE-2026-34486

CVSS v3.1: 7.5 High (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 11.0.20, 10.1.53, and 9.0.116

Description

A missing encryption of sensitive data issue exists in Apache Tomcat due to a bypass of the EncryptInterceptor. This could expose sensitive data.

Recommendations

Upgrade to version 11.0.21
Upgrade to version 10.1.54
Upgrade to version 9.0.117

Fix

RCE

Missing Encryption of Sensitive Data

Weakness Enumeration

Related Identifiers

BIT-TOMCAT-2026-34486
CVE-2026-34486
GHSA-69R9-QGR7-G2WJ
MGASA-2026-0095

Affected Products

Apache Tomcat