
[CIVN-2026-0355] Multiple Vulnerabilities in Apache Tomcat
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple Vulnerabilities in Apache Tomcat
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
Apache Tomcat 9 versions prior to 9.0.119
Apache Tomcat 10.1 versions prior to 10.1.56
Apache Tomcat 11 versions prior to 11.0.23
Overview
Multiple vulnerabilities have been reported in Apache Tomcat, which could allow a remote attacker to perform cross-site scripting, bypass security restrictions, elevate privileges, or gain unauthorized access to protected resources on the affected system.
Target Audience:
All end-user organizations and individuals responsible for maintaining and updating Apache Tomcat.
Risk Assessment:
Risk of cross-site scripting, authentication bypass, privilege escalation, security restriction bypass, and unauthorized access to protected resources.
Impact Assessment:
Potential for sensitive information disclosure and system compromise.
Description
Apache Tomcat is an open-source web server and servlet container that runs Java-based web applications.
Multiple vulnerabilities have been identified in Apache Tomcat due to improper input validation, improper authorization, improper authentication, insufficient enforcement of security constraints, and Incorrect Control Flow Implementation in various components.
Successful exploitation of these vulnerabilities could allow a remote attacker to perform cross-site scripting, bypass security restrictions, elevate privileges, or gain unauthorized access to protected resources on the affected system.
Solution
Apply appropriate security updates as mentioned in the Apache Tomcat Security Updates:
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.119
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.56
https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.23
Vendor Information
Apache Tomcat
https://tomcat.apache.org/
References
Apache Tomcat
https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.119
https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.56
https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.23
CVE Name
CVE-2026-50229
CVE-2026-53404
CVE-2026-53434
CVE-2026-55276
CVE-2026-55955
CVE-2026-55956
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmpLwWcACgkQ3jCgcSdc
ys/cbw/+ImPeg3XZXShjeFu9YWNXv2w2X/hRdYUkWpya9gvhtqd9VYjZbavQ5BuC
Q6DERV6QJoel276a/vamOqQEhnOI4YyFzK7oHhWG1XpgNDxgJxAVOBqWSm9F5IFE
5pr/GzVTLo/ROT+e7o053TPmA1f0okwBJQZexat01qY9Xe0oHrj4l1m9xkpPUpdi
VjlYOBBpdZPk3SFQzjDb8mwABYItyzFNaYB21tF/wBjSYsx/QHitvSld4qUbx76f
ZA/LjTlv4+7thoxYAvFtSwB/QiMxfc/JzFxH3kQ3u6yQafKGa+5hDiy9kduWW3uX
1W+bm6uVVDdh1XhbvkUx+xEBzi3poFseGcDL4/FdWiAG09kJRZlMswGa9MHe8oE1
vSUWaId4Wyda74JG6YmZFFxqfTxh4dl7k/GdySmww7Sn1L5614tM/FBRluOu+sfA
ncGUchYY/kN4rBiqp+lWpx8iB5kj8lDJZOgIWqFJbdPdZH0RKC3nsDBDlI2+xpOq
VfWGAN7QKbnY0/OiLY8d8SlmedYbz2rxuxP6hmEzuO1/BdYTF6mN8DZBZJkugppN
RZ9SHWM1wfPArN4xI8qOAhjjnt0b3OJYSoPQqNbPbxpt2SZvjiE9kpcLLiYhCRML
sMUPM5b33umbdr3ViA2f2Q9zzxwDV67YOtXiDdHz+f6fx4Y7O04=
=ZqKg
—–END PGP SIGNATURE—–


