Apache Tomcat Core Update Needed to Prevent Data Exposure

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Apache Tomcat Core Update Needed to Prevent Data Exposure

ROOT-APP-MAVEN-CVE-2026-25854

Summary

A security patch has been released for Apache Tomcat, a popular web server software. This patch fixes a vulnerability that could allow unauthorized access to sensitive data. Update to the latest version to ensure your system remains secure.

What to do

Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.8.
Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.9.
Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.10.

Affected software

Ecosystem	Vendor	Product	Affected versions
Root:Maven	–	io.root.org.apache.tomcat.embed:tomcat-embed-core	< 10.1.39-root.io.8 < 10.1.39-root.io.9 < 10.1.39-root.io.10 Fix: upgrade to 10.1.39-root.io.8

Original title

CVE-2026-25854 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root

Original description

Root has patched CVE-2026-25854 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available.

Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 14 Apr 2026