QSearchQSearch

CVE-2026-34486

7.5 HIGH

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptI...

Published: 2026-04-09 · Last updated: 2026-05-26

Severity and scoring

CVSS
7.5 HIGH
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
CWE-311

Affected products

VendorProduct
apachetomcat

Description

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-34905 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Answer (6.5 MEDIUM)
  • CVE-2026-34031 Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer (6.5 MEDIUM)
  • CVE-2026-33582 Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer (6.5 MEDIUM)
  • CVE-2026-25699 Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Apache Answer (6.1 MEDIUM)
  • CVE-2026-25688 Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer (6.1 MEDIUM)

Same CWE

  • CVE-2026-53442 Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job c... (5.3 MEDIUM)
  • CVE-2025-13453 A potential vulnerability was reported in some ThinkPlus USB drives that could allow a user with physical access to read data stored on t... (4.6 MEDIUM)
  • CVE-2020-7567 A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the ... (5.7 MEDIUM)
  • CVE-2017-14852 An insecure communication was found between a user and the Orpak SiteOmat management console for all known versions, due to an invalid SS... (8.6 HIGH)