CVE-2026-24734

EUVD-2026-7833

17.02.2026, 19:21

Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat.

When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed.

This issue affects Apache Tomcat Native: from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114.

The following versions were EOL at the time the CVE was created but are
known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39. Older EOL versions are not affected.

Apache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue.

Apache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 25%

Affected Products (NVD)

Vendor	Product	Version
apache	tomcat	9.0.83 ≤ 𝑥 < 9.0.115
apache	tomcat	10.1.1 ≤ 𝑥 < 10.1.52
apache	tomcat	11.0.1 ≤ 𝑥 < 11.0.18
apache	tomcat	10.1.0:milestone1
apache	tomcat	10.1.0:milestone10
apache	tomcat	10.1.0:milestone11
apache	tomcat	10.1.0:milestone12
apache	tomcat	10.1.0:milestone13
apache	tomcat	10.1.0:milestone14
apache	tomcat	10.1.0:milestone15
apache	tomcat	10.1.0:milestone16
apache	tomcat	10.1.0:milestone17
apache	tomcat	10.1.0:milestone18
apache	tomcat	10.1.0:milestone19
apache	tomcat	10.1.0:milestone2
apache	tomcat	10.1.0:milestone20
apache	tomcat	10.1.0:milestone3
apache	tomcat	10.1.0:milestone4
apache	tomcat	10.1.0:milestone5
apache	tomcat	10.1.0:milestone6
apache	tomcat	10.1.0:milestone7
apache	tomcat	10.1.0:milestone8
apache	tomcat	10.1.0:milestone9
apache	tomcat	11.0.0:milestone1
apache	tomcat	11.0.0:milestone10
apache	tomcat	11.0.0:milestone11
apache	tomcat	11.0.0:milestone12
apache	tomcat	11.0.0:milestone13
apache	tomcat	11.0.0:milestone14
apache	tomcat	11.0.0:milestone15
apache	tomcat	11.0.0:milestone16
apache	tomcat	11.0.0:milestone17
apache	tomcat	11.0.0:milestone18
apache	tomcat	11.0.0:milestone19
apache	tomcat	11.0.0:milestone2
apache	tomcat	11.0.0:milestone20
apache	tomcat	11.0.0:milestone21
apache	tomcat	11.0.0:milestone22
apache	tomcat	11.0.0:milestone23
apache	tomcat	11.0.0:milestone24
apache	tomcat	11.0.0:milestone25
apache	tomcat	11.0.0:milestone26
apache	tomcat	11.0.0:milestone3
apache	tomcat	11.0.0:milestone4
apache	tomcat	11.0.0:milestone5
apache	tomcat	11.0.0:milestone6
apache	tomcat	11.0.0:milestone7
apache	tomcat	11.0.0:milestone8
apache	tomcat	11.0.0:milestone9
apache	tomcat_native	1.3.0 ≤ 𝑥 < 1.3.5
apache	tomcat_native	2.0.0 ≤ 𝑥 < 2.0.12

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

tomcat10

bookworm	10.1.52-1~deb12u1 fixed
bookworm (security)	10.1.52-1~deb12u1 fixed
forky	10.1.54-1 fixed
sid	10.1.54-1 fixed
trixie	10.1.52-1~deb13u1 fixed
trixie (security)	10.1.52-1~deb13u1 fixed

tomcat11

forky	11.0.21-1 fixed
sid	11.0.22-2 fixed
trixie	postponed
trixie (security)	vulnerable

tomcat9

bookworm	9.0.70-2 fixed
bullseye	vulnerable
bullseye (security)	9.0.107-0+deb11u2 fixed
forky	9.0.115-1 fixed
sid	9.0.115-1 fixed
trixie	9.0.95-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

tomcat6

jammy	dne
noble	dne
questing	dne
resolute	dne
trusty	needs-triage
xenial	needs-triage

tomcat7

bionic	needs-triage
jammy	dne
noble	dne
questing	dne
resolute	dne
trusty	needs-triage
xenial	needs-triage

tomcat8

bionic	needs-triage
jammy	dne
noble	dne
questing	dne
resolute	dne
xenial	needs-triage

tomcat9

bionic	needs-triage
focal	needs-triage
jammy	needs-triage
noble	needs-triage
questing	needs-triage
resolute	needs-triage

tomcat10

jammy	dne
noble	needs-triage
questing	needs-triage
resolute	needs-triage

tomcat11

bionic	dne
focal	dne
jammy	dne
noble	dne
questing	needs-triage
resolute	needs-triage
trusty	dne
xenial	dne

openSUSE / SLES Releases

openSUSE Product

Release

tomcat

suse enterprise sap 15 SP4	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP5	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP6	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP7	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP4	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP5	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP6	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP7	9.0.115-150200.102.1 fixed

tomcat-admin-webapps

suse enterprise sap 15 SP4	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP5	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP6	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP7	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP4	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP5	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP6	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP7	9.0.115-150200.102.1 fixed

tomcat-el-3_0-api

suse enterprise sap 15 SP4	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP5	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP6	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP7	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP4	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP5	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP6	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP7	9.0.115-150200.102.1 fixed

tomcat-jsp-2_3-api

suse enterprise sap 15 SP4	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP5	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP6	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP7	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP4	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP5	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP6	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP7	9.0.115-150200.102.1 fixed

tomcat-lib

suse enterprise sap 15 SP4	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP5	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP6	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP7	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP4	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP5	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP6	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP7	9.0.115-150200.102.1 fixed

tomcat-servlet-4_0-api

suse enterprise sap 15 SP4	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP5	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP6	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP7	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP4	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP5	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP6	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP7	9.0.115-150200.102.1 fixed

tomcat-webapps

suse enterprise sap 15 SP4	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP5	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP6	9.0.115-150200.102.1 fixed
suse enterprise sap 15 SP7	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP4	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP5	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP6	9.0.115-150200.102.1 fixed
suse enterprise server 15 SP7	9.0.115-150200.102.1 fixed

tomcat10

suse enterprise sap 15 SP5	10.1.52-150200.5.61.1 fixed
suse enterprise sap 15 SP6	10.1.52-150200.5.61.1 fixed
suse enterprise sap 15 SP7	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP5	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP6	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP7	10.1.52-150200.5.61.1 fixed

tomcat10-admin-webapps

suse enterprise sap 15 SP5	10.1.52-150200.5.61.1 fixed
suse enterprise sap 15 SP6	10.1.52-150200.5.61.1 fixed
suse enterprise sap 15 SP7	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP5	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP6	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP7	10.1.52-150200.5.61.1 fixed

tomcat10-el-5_0-api

suse enterprise sap 15 SP5	10.1.52-150200.5.61.1 fixed
suse enterprise sap 15 SP6	10.1.52-150200.5.61.1 fixed
suse enterprise sap 15 SP7	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP5	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP6	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP7	10.1.52-150200.5.61.1 fixed

tomcat10-jsp-3_1-api

suse enterprise sap 15 SP5	10.1.52-150200.5.61.1 fixed
suse enterprise sap 15 SP6	10.1.52-150200.5.61.1 fixed
suse enterprise sap 15 SP7	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP5	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP6	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP7	10.1.52-150200.5.61.1 fixed

tomcat10-lib

suse enterprise sap 15 SP5	10.1.52-150200.5.61.1 fixed
suse enterprise sap 15 SP6	10.1.52-150200.5.61.1 fixed
suse enterprise sap 15 SP7	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP5	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP6	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP7	10.1.52-150200.5.61.1 fixed

tomcat10-servlet-6_0-api

suse enterprise sap 15 SP5	10.1.52-150200.5.61.1 fixed
suse enterprise sap 15 SP6	10.1.52-150200.5.61.1 fixed
suse enterprise sap 15 SP7	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP5	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP6	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP7	10.1.52-150200.5.61.1 fixed

tomcat10-webapps

suse enterprise sap 15 SP5	10.1.52-150200.5.61.1 fixed
suse enterprise sap 15 SP6	10.1.52-150200.5.61.1 fixed
suse enterprise sap 15 SP7	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP5	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP6	10.1.52-150200.5.61.1 fixed
suse enterprise server 15 SP7	10.1.52-150200.5.61.1 fixed

tomcat11

suse enterprise sap 15 SP6	11.0.18-150600.13.15.1 fixed
suse enterprise sap 15 SP7	11.0.18-150600.13.15.1 fixed
suse enterprise server 15 SP6	11.0.18-150600.13.15.1 fixed
suse enterprise server 15 SP7	11.0.18-150600.13.15.1 fixed

tomcat11-admin-webapps

suse enterprise sap 15 SP6	11.0.18-150600.13.15.1 fixed
suse enterprise sap 15 SP7	11.0.18-150600.13.15.1 fixed
suse enterprise server 15 SP6	11.0.18-150600.13.15.1 fixed
suse enterprise server 15 SP7	11.0.18-150600.13.15.1 fixed

tomcat11-el-6_0-api

suse enterprise sap 15 SP6	11.0.18-150600.13.15.1 fixed
suse enterprise sap 15 SP7	11.0.18-150600.13.15.1 fixed
suse enterprise server 15 SP6	11.0.18-150600.13.15.1 fixed
suse enterprise server 15 SP7	11.0.18-150600.13.15.1 fixed

tomcat11-jsp-4_0-api

suse enterprise sap 15 SP6	11.0.18-150600.13.15.1 fixed
suse enterprise sap 15 SP7	11.0.18-150600.13.15.1 fixed
suse enterprise server 15 SP6	11.0.18-150600.13.15.1 fixed
suse enterprise server 15 SP7	11.0.18-150600.13.15.1 fixed

tomcat11-lib

suse enterprise sap 15 SP6	11.0.18-150600.13.15.1 fixed
suse enterprise sap 15 SP7	11.0.18-150600.13.15.1 fixed
suse enterprise server 15 SP6	11.0.18-150600.13.15.1 fixed
suse enterprise server 15 SP7	11.0.18-150600.13.15.1 fixed

tomcat11-servlet-6_1-api

suse enterprise sap 15 SP6	11.0.18-150600.13.15.1 fixed
suse enterprise sap 15 SP7	11.0.18-150600.13.15.1 fixed
suse enterprise server 15 SP6	11.0.18-150600.13.15.1 fixed
suse enterprise server 15 SP7	11.0.18-150600.13.15.1 fixed

tomcat11-webapps

suse enterprise sap 15 SP6	11.0.18-150600.13.15.1 fixed
suse enterprise sap 15 SP7	11.0.18-150600.13.15.1 fixed
suse enterprise server 15 SP6	11.0.18-150600.13.15.1 fixed
suse enterprise server 15 SP7	11.0.18-150600.13.15.1 fixed

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Vulnerability Media Exposure

[GERMAN] Atlassian Produkte (Bamboo, Bitbucket, Confluence, Crucible, Fisheye und Jira): Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence, Atlassian Crucible, Atlassian Fisheye und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuführen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, um einen Cross-Site Scripting Angriff durchzuführen, und um Sicherheitsvorkehrungen zu umgehen.
Published: 2026-05-19T22:00:00+00:00

References

https://lists.apache.org/thread/292dlmx3fz1888v6v16221kpozq56gml