High severity7.5NVD Advisory· Published Apr 9, 2026· Updated Apr 14, 2026
CVE-2026-34483
CVE-2026-34483
Description
Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116.
Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.tomcat:tomcat-catalinaMaven | >= 9.0.40, < 9.0.116 | 9.0.116 |
org.apache.tomcat:tomcat-catalinaMaven | >= 10.1.0-M1, < 10.1.54 | 10.1.54 |
org.apache.tomcat:tomcat-catalinaMaven | >= 11.0.0-M1, < 11.0.21 | 11.0.21 |
org.apache.tomcat:tomcatMaven | >= 9.0.40, < 9.0.116 | 9.0.116 |
org.apache.tomcat:tomcatMaven | >= 10.1.0-M1, < 10.1.54 | 10.1.54 |
org.apache.tomcat:tomcatMaven | >= 11.0.0-M1, < 11.0.21 | 11.0.21 |
org.apache.tomcat.embed:tomcat-embed-coreMaven | >= 9.0.40, < 9.0.116 | 9.0.116 |
org.apache.tomcat.embed:tomcat-embed-coreMaven | >= 10.1.0-M1, < 10.1.54 | 10.1.54 |
org.apache.tomcat.embed:tomcat-embed-coreMaven | >= 11.0.0-M1, < 11.0.21 | 11.0.21 |
Affected products
56- osv-coords55 versionspkg:apk/chainguard/camunda-8.8pkg:apk/chainguard/camunda-zeebe-8.6pkg:apk/chainguard/camunda-zeebe-8.7pkg:apk/chainguard/camunda-zeebe-8.8pkg:apk/chainguard/kayenta-2025.0pkg:apk/chainguard/kayenta-2025.1pkg:apk/chainguard/kayenta-2025.2pkg:apk/chainguard/kayenta-2025.4pkg:apk/chainguard/kayenta-2026.0pkg:apk/chainguard/kayenta-fips-2025.0pkg:apk/chainguard/kayenta-fips-2025.1pkg:apk/chainguard/kayenta-fips-2025.2pkg:apk/chainguard/kayenta-fips-2025.4pkg:apk/chainguard/kayenta-fips-2026.0pkg:apk/chainguard/nacospkg:apk/chainguard/nacos-dockerpkg:apk/chainguard/ontoppkg:apk/chainguard/ontop-fipspkg:apk/chainguard/thingsboard-tb-mqtt-transportpkg:apk/chainguard/thingsboard-tb-nodepkg:apk/wolfi/thingsboard-tb-mqtt-transportpkg:apk/wolfi/thingsboard-tb-nodepkg:bitnami/tomcatpkg:maven/org.apache.tomcat.embed/tomcat-embed-corepkg:maven/org.apache.tomcat/tomcatpkg:maven/org.apache.tomcat/tomcat-catalinapkg:rpm/opensuse/tomcat10&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/tomcat10&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/tomcat11&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/tomcat11&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/tomcat&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/tomcat&distro=openSUSE%20Tumbleweedpkg:rpm/suse/tomcat10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/tomcat10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/tomcat10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP7pkg:rpm/suse/tomcat10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/tomcat10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/tomcat10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/tomcat10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/tomcat11&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP7pkg:rpm/suse/tomcat11&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/tomcat11&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP7pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/tomcat&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 8.8.22-r0+ 54 more
- (no CPE)range: < 8.8.22-r0
- (no CPE)range: < 8.6.39-r0
- (no CPE)range: < 8.7.27-r0
- (no CPE)range: < 8.8.22-r0
- (no CPE)range: < 2025.0.8-r11
- (no CPE)range: < 2025.1.6-r9
- (no CPE)range: < 2025.2.4-r5
- (no CPE)range: < 2025.4.3-r6
- (no CPE)range: < 2026.0.2-r6
- (no CPE)range: < 2025.0.8-r13
- (no CPE)range: < 2025.1.6-r10
- (no CPE)range: < 2025.2.4-r6
- (no CPE)range: < 2025.4.3-r7
- (no CPE)range: < 2026.0.2-r7
- (no CPE)range: < 3.2.0-r6
- (no CPE)range: < 3.2.0-r2
- (no CPE)range: < 5.5.0-r8
- (no CPE)range: < 5.5.0-r4
- (no CPE)range: < 4.3.1.1-r11
- (no CPE)range: < 4.3.1.1-r11
- (no CPE)range: < 4.3.1.1-r11
- (no CPE)range: < 4.3.1.1-r11
- (no CPE)range: >= 9.0.40, < 9.0.117
- (no CPE)range: >= 9.0.40, < 9.0.116
- (no CPE)range: >= 9.0.40, < 9.0.116
- (no CPE)range: >= 9.0.40, < 9.0.116
- (no CPE)range: < 10.1.54-160000.1.1
- (no CPE)range: < 10.1.54-1.1
- (no CPE)range: < 11.0.21-160000.1.1
- (no CPE)range: < 11.0.21-1.1
- (no CPE)range: < 9.0.117-160000.1.1
- (no CPE)range: < 9.0.117-1.1
- (no CPE)range: < 10.1.54-150200.5.64.1
- (no CPE)range: < 10.1.54-150200.5.64.1
- (no CPE)range: < 10.1.54-150200.5.64.1
- (no CPE)range: < 10.1.54-150200.5.64.1
- (no CPE)range: < 10.1.54-150200.5.64.1
- (no CPE)range: < 10.1.54-150200.5.64.1
- (no CPE)range: < 10.1.54-150200.5.64.1
- (no CPE)range: < 11.0.21-150600.13.18.1
- (no CPE)range: < 11.0.21-150600.13.18.1
- (no CPE)range: < 11.0.21-150600.13.18.1
- (no CPE)range: < 9.0.117-150200.105.1
- (no CPE)range: < 9.0.117-150200.105.1
- (no CPE)range: < 9.0.117-150200.105.1
- (no CPE)range: < 9.0.117-150200.105.1
- (no CPE)range: < 9.0.117-150200.105.1
- (no CPE)range: < 9.0.117-3.163.2
- (no CPE)range: < 9.0.117-150200.105.1
- (no CPE)range: < 9.0.117-150200.105.1
- (no CPE)range: < 9.0.117-150200.105.1
- (no CPE)range: < 9.0.117-150200.105.1
- (no CPE)range: < 9.0.117-150200.105.1
- (no CPE)range: < 9.0.117-150200.105.1
- (no CPE)range: < 9.0.117-3.163.2
Patches
Vulnerability mechanics
References
4- www.openwall.com/lists/oss-security/2026/04/09/26nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-rv64-5gf8-9qq8ghsaADVISORY
- lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228bnvdMailing ListVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-34483ghsaADVISORY
News mentions
0No linked articles in our index yet.