OSV - Open Source Vulnerabilities

SUSE-SU-2026:1572-1

SUSE:Linux Enterprise Server 12 SP5-LTSS/tomcat
SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5/tomcat

Security update for tomcat

19 hours ago

Fix available

CLEANSTART-2026-IS05941

CleanStart/thingsboard

CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native

yesterday

Fix available
Severity - 9.8 (Critical)

SUSE-SU-2026:1558-1

SUSE:Linux Enterprise Module for Web and Scripting 15 SP7/tomcat11
SUSE:Linux Enterprise Server 15 SP6-LTSS/tomcat11
SUSE:Linux Enterprise Server for SAP Applications 15 SP6/tomcat11

Security update for tomcat11

yesterday

Fix available

openSUSE-SU-2026:20611-1

openSUSE:Leap 16.0/tomcat

Security update for tomcat

2 days ago

Fix available

openSUSE-SU-2026:20612-1

openSUSE:Leap 16.0/tomcat10

Security update for tomcat10

2 days ago

Fix available

openSUSE-SU-2026:20595-1

openSUSE:Leap 16.0/tomcat11

Security update for tomcat11

2 days ago

Fix available

OESA-2026-1970

openEuler:20.03-LTS-SP4/tomcat
openEuler:22.03-LTS-SP4/tomcat
openEuler:24.03-LTS-SP1/tomcat
openEuler:24.03-LTS-SP2/tomcat
openEuler:24.03-LTS-SP3/tomcat
... 1 more

tomcat security update

6 days ago

Fix available

ROOT-APP-MAVEN-CVE-2026-29145

Root:Maven/io.root.org.apache.tomcat:tomcat-catalina

CVE-2026-29145 in io.root.org.apache.tomcat:tomcat-catalina - Patched by Root

17 Apr

Fix available

openSUSE-SU-2026:10547-1

openSUSE:Tumbleweed/tomcat

tomcat-9.0.117-1.1 on GA media

14 Apr

Fix available

openSUSE-SU-2026:10548-1

openSUSE:Tumbleweed/tomcat10

tomcat10-10.1.54-1.1 on GA media

14 Apr

Fix available

openSUSE-SU-2026:10549-1

openSUSE:Tumbleweed/tomcat11

tomcat11-11.0.21-1.1 on GA media

14 Apr

Fix available

BIT-tomcat-2026-29145

Bitnami/tomcat

Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled

13 Apr

Fix available
Severity - 9.1 (Critical)

MGASA-2026-0095

Mageia:9/tomcat

Updated tomcat packages fix security vulnerabilities

12 Apr

Fix available

GHSA-95jq-rwvf-vjx4

Maven/org.apache.tomcat.embed:tomcat-embed-core
Maven/org.apache.tomcat:tomcat
Maven/org.apache.tomcat:tomcat-catalina

Apache Tomcat: CLIENT_CERT authentication does not fail as expected

09 Apr

Fix available
Severity - 9.1 (Critical)

DEBIAN-CVE-2026-29145

Debian:11/tomcat9
Debian:12/tomcat10
Debian:12/tomcat9
Debian:13/tomcat10
Debian:13/tomcat11
... 4 more

See record for full details

09 Apr

Fix available
Severity - 9.1 (Critical)

UBUNTU-CVE-2026-29145

Ubuntu:16.04:LTS/tomcat6
Ubuntu:25.10/tomcat10
Ubuntu:25.10/tomcat11
Ubuntu:25.10/tomcat9
Ubuntu:Pro:14.04:LTS/tomcat6
... 10 more

See record for full details

09 Apr

No fix available
Severity - 9.1 (Critical)