CVE-2026-41284
EUVD-2026-2951312.05.2026, 16:16
Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117. Older, unsupported versions may also be affected. Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apache | tomcat | 4.0.0 ≤ 𝑥 ≤ 7.0.109 |
| apache | tomcat | 8.5.0 ≤ 𝑥 ≤ 8.5.100 |
| apache | tomcat | 9.0.0 ≤ 𝑥 < 9.0.118 |
| apache | tomcat | 10.0.0 ≤ 𝑥 ≤ 10.0.27 |
| apache | tomcat | 10.1.0 ≤ 𝑥 < 10.1.55 |
| apache | tomcat | 11.0.0 ≤ 𝑥 < 11.0.22 |
𝑥
= Vulnerable software versions
openSUSE / SLES Releases
openSUSE Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| tomcat10 |
| ||||||||||||
| tomcat10-admin-webapps |
| ||||||||||||
| tomcat10-el-5_0-api |
| ||||||||||||
| tomcat10-jsp-3_1-api |
| ||||||||||||
| tomcat10-lib |
| ||||||||||||
| tomcat10-servlet-6_0-api |
| ||||||||||||
| tomcat10-webapps |
| ||||||||||||
| tomcat11 |
| ||||||||||||
| tomcat11-admin-webapps |
| ||||||||||||
| tomcat11-el-6_0-api |
| ||||||||||||
| tomcat11-jsp-4_0-api |
| ||||||||||||
| tomcat11-lib |
| ||||||||||||
| tomcat11-servlet-6_1-api |
| ||||||||||||
| tomcat11-webapps |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| tomcat10 |
| ||
| tomcat10-admin-webapps |
| ||
| tomcat10-docs-webapp |
| ||
| tomcat10-el-5.0-api |
| ||
| tomcat10-jsp-3.1-api |
| ||
| tomcat10-lib |
| ||
| tomcat10-servlet-6.0-api |
| ||
| tomcat10-webapps |
| ||
| tomcat9 |
| ||
| tomcat9-admin-webapps |
| ||
| tomcat9-docs-webapp |
| ||
| tomcat9-el-3.0-api |
| ||
| tomcat9-jsp-2.3-api |
| ||
| tomcat9-lib |
| ||
| tomcat9-servlet-4.0-api |
| ||
| tomcat9-webapps |
|
Vulnerability Media Exposure