CVE-2026-34487 in Tomcatالمعلومات

الملخص

بحسب MITRE • 09/04/2026

Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.

Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Apache

حجز

30/03/2026

إفشاء

09/04/2026

الاعتدال

تمت الموافقة

إدخال

VDB-356678

CPE

جاهز

CWE

CWE-532 (مؤكد)

CVSS

4.3 (VulDB)

EPSS

0.00073

KEV

لا

النشاطات

منخفض جدًا

القطاع

Pharma, Transportation, ...

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-34487
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-34487
CVE Details	https://www.cvedetails.com/cve/CVE-2026-34487/

التالي ▸نظرة عامة ◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!