PT-2026-31714 · Apache+1 · Apache Tomcat+1

Haruki Oyama · Published 2026-04-02 · Updated 2026-05-06 · CVE-2026-34500

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Apache Tomcat versions 11.0.0-M14 through 11.0.20, versions 10.1.22 through 10.1.53, and versions 9.0.92 through 9.0.116

Description

CLIENT CERT authentication may not fail as expected in certain scenarios when soft fail is disabled and FFM is used.

Recommendations

Upgrade to version 11.0.21
Upgrade to version 10.1.54
Upgrade to version 9.0.117

Fix

Weakness Enumeration

Improper Authentication

Related Identifiers

BDU:2026-07146
BIT-TOMCAT-2026-34500
CVE-2026-34500
GHSA-24J9-X2WG-9QV6
MGASA-2026-0095
OESA-2026-1970
OPENSUSE-SU-2026:10547-1
OPENSUSE-SU-2026:10548-1
OPENSUSE-SU-2026:10549-1
OPENSUSE-SU-2026:20595-1
OPENSUSE-SU-2026:20611-1
OPENSUSE-SU-2026:20612-1
SUSE-SU-2026:1558-1
SUSE-SU-2026:1572-1
SUSE-SU-2026:1603-1
SUSE-SU-2026:1604-1

Affected Products

Apache Tomcat
Red Os