PT-2026-31713 · Apache+2 · Apache Tomcat+2

Bartlomiej Dmitruk · Published 2026-04-02 · Updated 2026-05-22 · CVE-2026-34487

CVSS v2.0: 7.8 High

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 11.0.0-M1 through 11.0.20, versions 10.1.0-M1 through 10.1.53, and versions 9.0.13 through 9.0.116

Description

An issue exists in the cloud membership for clustering component of Apache Tomcat that allows for the insertion of sensitive information into log files, specifically exposing the Kubernetes bearer token.

Recommendations

Upgrade to version 11.0.21
Upgrade to version 10.1.54
Upgrade to version 9.0.117

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

BDU:2026-07147
BIT-TOMCAT-2026-34487
CLEANSTART-2026-IS05941
CVE-2026-34487
GHSA-X4M4-345F-5H5G
MGASA-2026-0095
OESA-2026-1970
OPENSUSE-SU-2026:10547-1
OPENSUSE-SU-2026:10548-1
OPENSUSE-SU-2026:10549-1
OPENSUSE-SU-2026:20595-1
OPENSUSE-SU-2026:20611-1
OPENSUSE-SU-2026:20612-1
SUSE-SU-2026:1558-1
SUSE-SU-2026:1572-1
SUSE-SU-2026:1603-1
SUSE-SU-2026:1604-1

Affected Products

Apache Tomcat
Confluence
Red Os