Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.
9.1

CVE-2026-53434: Apache Tomcat: CRL misconfiguration exposes sensitive info

CVE-2026-53434 BIT-tomcat-2026-53434
Summary

Apache Tomcat versions 11, 10, and 9 have a configuration issue that could reveal sensitive information. To fix this, update to the latest version, specifically 11.0.23, 10.1.56, or 9.0.119.

What to do
  • Update tomcat to version 11.0.5.
Affected software
Ecosystem VendorProductAffected versions
Bitnami – tomcat >= 11.0.0, < 11.0.5
Fix: upgrade to 11.0.5
Original title
Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector
Original description
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector.

This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.83 through 9.0.118.

Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fixes the issue.
Vulnerability type
CWE-390
Published: 6 Jul 2026 · Updated: 6 Jul 2026 · First seen: 29 Jun 2026