CVE-2026-24734
- Source
- https://cve.org/CVERecord?id=CVE-2026-24734
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24734.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-24734
- Aliases
- Downstream
- Related
- Published
- 2026-02-17T19:21:56.953Z
- Modified
- 2026-04-16T04:31:30.673083728Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat.
When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which could allow certificate revocation to be bypassed.
This issue affects Apache Tomcat Native: from 1.3.0 through 1.3.4, from 2.0.0 through 2.0.11; Apache Tomcat: from 11.0.0-M1 through 11.0.17, from 10.1.0-M7 through 10.1.51, from 9.0.83 through 9.0.114.
The following versions were EOL at the time the CVE was created but are known to be affected: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39. Older EOL versions are not affected.
Apache Tomcat Native users are recommended to upgrade to versions 1.3.5 or later or 2.0.12 or later, which fix the issue.
Apache Tomcat users are recommended to upgrade to versions 11.0.18 or later, 10.1.52 or later or 9.0.115 or later which fix the issue.
- References
Affected packages
Git / github.com/apache/tomcat
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/tomcat
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "9.0.83" }, { "fixed": "9.0.115" }, { "introduced": "10.1.1" }, { "fixed": "10.1.52" }, { "introduced": "11.0.1" }, { "fixed": "11.0.18" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone1" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone10" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone11" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone12" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone13" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone14" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone15" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone16" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone17" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone18" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone19" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone2" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone20" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone3" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone4" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone5" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone6" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone7" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone8" }, { "introduced": "0" }, { "last_affected": "10.1.0-milestone9" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone1" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone10" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone11" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone12" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone13" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone14" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone15" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone16" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone17" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone18" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone19" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone2" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone20" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone21" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone22" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone23" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone24" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone25" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone26" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone3" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone4" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone5" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone6" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone7" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone8" }, { "introduced": "0" }, { "last_affected": "11.0.0-milestone9" } ] }
Affected versions
10.*
10.1.0-M1
10.1.0-M10
10.1.0-M11
10.1.0-M12
10.1.0-M13
10.1.0-M14
10.1.0-M15
10.1.0-M16
10.1.0-M17
10.1.0-M18
10.1.0-M19
10.1.0-M2
10.1.0-M20
10.1.0-M3
10.1.0-M4
10.1.0-M5
10.1.0-M6
10.1.0-M7
10.1.0-M8
10.1.0-M9
11.*
11.0.0-M1
11.0.0-M10
11.0.0-M11
11.0.0-M12
11.0.0-M13
11.0.0-M14
11.0.0-M15
11.0.0-M16
11.0.0-M17
11.0.0-M18
11.0.0-M19
11.0.0-M2
11.0.0-M20
11.0.0-M21
11.0.0-M22
11.0.0-M23
11.0.0-M24
11.0.0-M25
11.0.0-M26
11.0.0-M3
11.0.0-M4
11.0.0-M5
11.0.0-M6
11.0.0-M7
11.0.0-M8
11.0.0-M9