VYPR

Maven package

org.apache.tomcat/tomcat-tribes

pkg:maven/org.apache.tomcat/tomcat-tribes

Vulnerabilities (2)

  • CVE-2026-34486HigApr 9, 2026
    affected >= 11.0.20, < 11.0.21fixed 11.0.21

    Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.

  • CVE-2026-29146HigApr 9, 2026
    affected >= 9.0.13, < 9.0.116fixed 9.0.116

    Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.