Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.1
CVE-2026-53434: Apache Tomcat: CRL misconfiguration exposes sensitive info
CVE-2026-53434
BIT-tomcat-2026-53434
Summary
Apache Tomcat versions 11, 10, and 9 have a configuration issue that could reveal sensitive information. To fix this, update to the latest version, specifically 11.0.23, 10.1.56, or 9.0.119.
What to do
- Update tomcat to version 11.0.5.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Bitnami | – | tomcat |
>= 11.0.0, < 11.0.5 Fix: upgrade to 11.0.5
|
Original title
Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector
Original description
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector.
This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.83 through 9.0.118.
Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fixes the issue.
This issue affects Apache Tomcat: from 11.0.0 through 11.0.22, from 10.1.0 through 10.1.55, from 9.0.83 through 9.0.118.
Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fixes the issue.
Vulnerability type
CWE-390
Published: 6 Jul 2026 · Updated: 6 Jul 2026 · First seen: 29 Jun 2026