High severity7.5NVD Advisory· Published Apr 9, 2026· Updated Apr 14, 2026
CVE-2026-29129
CVE-2026-29129
Description
Configured cipher preference order not preserved vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115.
Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.tomcat:tomcat-catalinaMaven | >= 9.0.114, < 9.0.116 | 9.0.116 |
org.apache.tomcat:tomcat-catalinaMaven | >= 10.1.51, < 10.1.53 | 10.1.53 |
org.apache.tomcat:tomcat-catalinaMaven | >= 11.0.16, < 11.0.20 | 11.0.20 |
org.apache.tomcat:tomcatMaven | >= 9.0.114, < 9.0.116 | 9.0.116 |
org.apache.tomcat:tomcatMaven | >= 10.1.51, < 10.1.53 | 10.1.53 |
org.apache.tomcat:tomcatMaven | >= 11.0.16, < 11.0.20 | 11.0.20 |
org.apache.tomcat.embed:tomcat-embed-coreMaven | >= 9.0.114, < 9.0.116 | 9.0.116 |
org.apache.tomcat.embed:tomcat-embed-coreMaven | >= 10.1.51, < 10.1.53 | 10.1.53 |
org.apache.tomcat.embed:tomcat-embed-coreMaven | >= 11.0.16, < 11.0.20 | 11.0.20 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- www.openwall.com/lists/oss-security/2026/04/09/22nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-69cc-cv78-qc8gghsaADVISORY
- lists.apache.org/thread/r4h1t6f8xhxsxfm6c2z5cprolsosho3fnvdMailing ListVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-29129ghsaADVISORY
News mentions
0No linked articles in our index yet.