Apache Tomcat Web Application Manager Remote Code Execution

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

Apache Tomcat Web Application Manager Remote Code Execution

ECHO-0fd5-793c-3eaa

Summary

Apache Tomcat's Web Application Manager is vulnerable to a remote code execution attack, allowing an attacker to execute arbitrary code on a server. This means that an attacker could potentially access and manipulate sensitive data or disrupt server operations. To protect against this, ensure that Apache Tomcat is updated to the latest version and restrict access to the Web Application Manager to authorized users only.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Vendor	Product	Affected versions	Fix available
–	libraw	All versions	–

Original title

ECHO-0fd5-793c-3eaa

https://advisory.echohq.com/cve/CVE-2026-24660 URL

Published: 8 Apr 2026 · Updated: 8 Apr 2026 · First seen: 8 Apr 2026