CVE-2026-34483
EUVD-2026-2105309.04.2026, 20:16
Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| apache | tomcat | 𝑥 ≤ 11.0.20 | CNA |
| apache | tomcat | 𝑥 ≤ 10.1.53 | CNA |
| apache | tomcat | 9.0.40 ≤ 𝑥 ≤ 9.0.116 | CNA |
| apache | tomcat | 8.5.84 ≤ 𝑥 ≤ 8.5.100 | CNA |