VYPR
Critical severity9.8NVD Advisory· Published May 12, 2026· Updated May 15, 2026

CVE-2026-41293

CVE-2026-41293

Description

Improper Input Validation vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27. Older, end of support versions may also be affected.

Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat.embed:tomcat-embed-coreMaven
< 9.0.1189.0.118
org.apache.tomcat.embed:tomcat-embed-coreMaven
>= 10.1.0-M1, < 10.1.5510.1.55
org.apache.tomcat.embed:tomcat-embed-coreMaven
>= 11.0.0-M1, < 11.0.2211.0.22
org.apache.tomcat:tomcatMaven
< 9.0.1189.0.118
org.apache.tomcat:tomcatMaven
>= 10.1.0-M1, < 10.1.5510.1.55
org.apache.tomcat:tomcatMaven
>= 11.0.0-M1, < 11.0.2211.0.22
org.apache.tomcat:tomcat-catalinaMaven
< 9.0.1189.0.118
org.apache.tomcat:tomcat-catalinaMaven
>= 10.1.0-M1, < 10.1.5510.1.55
org.apache.tomcat:tomcat-catalinaMaven
>= 11.0.0-M1, < 11.0.2211.0.22

Affected products

40

Patches

Vulnerability mechanics

References

16

News mentions

2