BIT-tomcat-2026-41293

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2026-41293.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-tomcat-2026-41293

Aliases

CVE-2026-41293
GHSA-r29c-68gh-xp6x

Published

2026-05-14T11:56:42.533Z

Modified

2026-05-18T20:56:22.653812183Z

Summary

Apache Tomcat: HTTP/2 request headers not validated

Details

Improper Input Validation vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0 through 11.0.21, from 10.1.0 through 10.1.54, from 9.0.0 through 9.0.117, from 10.0.0 through 10.0.27. Older, end of support versions may also be affected.

Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

Database specific

{
    "severity": "Critical",
    "cpes": [
        "cpe:2.3:a:apache:tomcat:*:*:*:*:*:maven:*:*"
    ]
}

References

Affected packages

Bitnami / tomcat

Package

Name: tomcat
Purl: pkg:bitnami/tomcat

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

10.0.0

Fixed

10.1.55

Introduced

11.0.0

Fixed

11.0.22

Introduced

9.0.0

Fixed

9.0.118

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/tomcat/BIT-tomcat-2026-41293.json"