Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Apache Tomcat: Unauthenticated Remote Code Execution
ROOT-APP-MAVEN-CVE-2026-34500
Summary
Apache Tomcat's embedded core library has a security issue that allows unauthorized access to your system. This could potentially allow attackers to execute malicious code on your server without needing a password. Update to a patched version to fix this vulnerability.
What to do
- Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.8.
- Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.9.
- Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.10.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:Maven | – | io.root.org.apache.tomcat.embed:tomcat-embed-core |
< 10.1.39-root.io.8 < 10.1.39-root.io.9 < 10.1.39-root.io.10 Fix: upgrade to 10.1.39-root.io.8
|
Original title
CVE-2026-34500 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Original description
Root has patched CVE-2026-34500 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available.
Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 14 Apr 2026