Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Apache Tomcat Core Has a Password Exposure Risk
ROOT-APP-MAVEN-CVE-2026-34487
Summary
Apache Tomcat is a widely used server software. A recent update fixed a critical issue where passwords might be exposed to unauthorized access. Update to the latest version to protect sensitive information.
What to do
- Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.6.
- Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.8.
- Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.9.
- Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.10.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:Maven | – | io.root.org.apache.tomcat.embed:tomcat-embed-core |
< 10.1.39-root.io.6 < 10.1.39-root.io.8 < 10.1.39-root.io.9 < 10.1.39-root.io.10 Fix: upgrade to 10.1.39-root.io.6
|
Original title
CVE-2026-34487 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Original description
Root has patched CVE-2026-34487 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available.
Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 14 Apr 2026