Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Apache Tomcat: Unauthorized Access to Internal Server Configuration
ROOT-APP-MAVEN-CVE-2026-34483
Summary
A security update has been released for Apache Tomcat, which could allow an attacker to access sensitive server configuration. This affects users who have not updated their Tomcat software. To fix the issue, update to a patched version of Tomcat as soon as possible.
What to do
- Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.6.
- Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.8.
- Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.9.
- Update io.root.org.apache.tomcat.embed:tomcat-embed-core to version 10.1.39-root.io.10.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:Maven | – | io.root.org.apache.tomcat.embed:tomcat-embed-core |
< 10.1.39-root.io.6 < 10.1.39-root.io.8 < 10.1.39-root.io.9 < 10.1.39-root.io.10 Fix: upgrade to 10.1.39-root.io.6
|
Original title
CVE-2026-34483 in io.root.org.apache.tomcat.embed:tomcat-embed-core - Patched by Root
Original description
Root has patched CVE-2026-34483 in the io.root.org.apache.tomcat.embed:tomcat-embed-core package for Root:Maven. Multiple fixed versions available.
Published: 17 Apr 2026 · Updated: 17 Apr 2026 · First seen: 14 Apr 2026