GHSA-69r9-qgr7-g2wj

Source

https://github.com/advisories/GHSA-69r9-qgr7-g2wj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-69r9-qgr7-g2wj/GHSA-69r9-qgr7-g2wj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-69r9-qgr7-g2wj

Aliases

BIT-tomcat-2026-34486
CVE-2026-34486

Related

CGA-h965-c2p6-v66r

Published

2026-04-09T21:31:30Z

Modified

2026-04-13T08:27:23.349629102Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Apache Tomcat Missing Encryption of Sensitive Data vulnerability

Details

Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor.

This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116.

Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.

Database specific

{
    "cwe_ids": [
        "CWE-311"
    ],
    "severity": "HIGH",
    "nvd_published_at": "2026-04-09T20:16:25Z",
    "github_reviewed_at": "2026-04-10T22:07:50Z",
    "github_reviewed": true
}

References

Affected packages

Maven

org.apache.tomcat:tomcat-catalina

Package

Name: org.apache.tomcat:tomcat-catalina; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat-catalina

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11.0.20

Fixed

11.0.21

Affected versions

11.*

11.0.20

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-69r9-qgr7-g2wj/GHSA-69r9-qgr7-g2wj.json"

org.apache.tomcat:tomcat-catalina

Package

Name: org.apache.tomcat:tomcat-catalina; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat-catalina

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10.1.53

Fixed

10.1.54

Affected versions

10.*

10.1.53

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-69r9-qgr7-g2wj/GHSA-69r9-qgr7-g2wj.json"

org.apache.tomcat:tomcat-catalina

Package

Name: org.apache.tomcat:tomcat-catalina; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat-catalina

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.0.116

Fixed

9.0.117

Affected versions

9.*

9.0.116

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-69r9-qgr7-g2wj/GHSA-69r9-qgr7-g2wj.json"

org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11.0.20

Fixed

11.0.21

Affected versions

11.*

11.0.20

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-69r9-qgr7-g2wj/GHSA-69r9-qgr7-g2wj.json"

org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10.1.53

Fixed

10.1.54

Affected versions

10.*

10.1.53

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-69r9-qgr7-g2wj/GHSA-69r9-qgr7-g2wj.json"

org.apache.tomcat:tomcat

Package

Name: org.apache.tomcat:tomcat; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat/tomcat

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.0.116

Fixed

9.0.117

Affected versions

9.*

9.0.116

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-69r9-qgr7-g2wj/GHSA-69r9-qgr7-g2wj.json"

org.apache.tomcat.embed:tomcat-embed-core

Package

Name: org.apache.tomcat.embed:tomcat-embed-core; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat.embed/tomcat-embed-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11.0.20

Fixed

11.0.21

Affected versions

11.*

11.0.20

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-69r9-qgr7-g2wj/GHSA-69r9-qgr7-g2wj.json"

org.apache.tomcat.embed:tomcat-embed-core

Package

Name: org.apache.tomcat.embed:tomcat-embed-core; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat.embed/tomcat-embed-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10.1.53

Fixed

10.1.54

Affected versions

10.*

10.1.53

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-69r9-qgr7-g2wj/GHSA-69r9-qgr7-g2wj.json"

org.apache.tomcat.embed:tomcat-embed-core

Package

Name: org.apache.tomcat.embed:tomcat-embed-core; View open source insights on deps.dev
Purl: pkg:maven/org.apache.tomcat.embed/tomcat-embed-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9.0.116

Fixed

9.0.117

Affected versions

9.*

9.0.116

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-69r9-qgr7-g2wj/GHSA-69r9-qgr7-g2wj.json"