Apache Tomcat: Unauthenticated Access to Sensitive Data

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Apache Tomcat: Unauthenticated Access to Sensitive Data

ROOT-APP-MAVEN-CVE-2026-29145

Summary

Apache Tomcat contains a security patch that fixes a vulnerability that allows an attacker to access sensitive data without needing a password. This affects users of Apache Tomcat who have not updated their software. To fix this issue, update to a patched version of Apache Tomcat.

What to do

Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.39-root.io.6.
Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.39-root.io.8.
Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.39-root.io.9.
Update io.root.org.apache.tomcat:tomcat-catalina to version 10.1.39-root.io.10.

Affected software

Ecosystem	Vendor	Product	Affected versions
Root:Maven	–	io.root.org.apache.tomcat:tomcat-catalina	< 10.1.39-root.io.6 < 10.1.39-root.io.8 < 10.1.39-root.io.9 < 10.1.39-root.io.10 Fix: upgrade to 10.1.39-root.io.6

Original title

CVE-2026-29145 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root

Original description

Root has patched CVE-2026-29145 in the io.root.org.apache.tomcat:tomcat-catalina package for Root:Maven. Multiple fixed versions available.

Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 14 Apr 2026