PT-2026-57993 · Apache · Apache Tomcat

Ndix

·

Published

2026-07-14

·

Updated

2026-07-14

·

CVE-2026-59084

CVSS v3.1

9.1

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.23 Apache Tomcat versions 10.1.0-M1 through 10.1.56 Apache Tomcat versions 9.0.13 through 9.0.119 Apache Tomcat versions 8.5.38 through 8.5.100 Apache Tomcat versions 7.0.100 through 7.0.109
Description Insufficient technical documentation regarding the requirements to securely configure the EncryptInterceptor component.
Recommendations Upgrade to version 11.0.24 Upgrade to version 10.1.57 Upgrade to version 9.0.120

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-59084

Affected Products

Apache Tomcat