CVE-2026-29145

🗓️ 09 Apr 2026 19:20:24Reported by apacheType

OCSP soft-fail occurs for client cert auth when disabled; upgrade Tomcat and Tomcat Native.

Reporter	Title	Published	Views	Family All 100
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM DataStax Enterprise	27 May 202617:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar	13 May 202616:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat	14 May 202614:09	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat and Lodash might affect IBM Storage Defender Copy Data Management	4 May 202616:20	–	ibm
GithubExploit	Exploit for Improper Authentication in Apache Tomcat	23 Apr 202617:26	–	githubexploit
ATTACKERKB	CVE-2026-29145	9 Apr 202619:20	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : tomcat-native (ALAS2023-2026-1595)	30 Apr 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2026-1672)	20 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2026-1673)	20 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : tomcat, --advisory ALAS2TOMCAT9-2026-025 (ALASTOMCAT9-2026-025)	30 Apr 202600:00	–	nessus

NVD

Vulners

Node

apache tomcatRange9.0.83–9.0.116

apache tomcatRange10.1.1–10.1.53

apache tomcatRange11.0.0–11.0.20

apache tomcatMatch10.1.0-

apache tomcatMatch10.1.0milestone10

apache tomcatMatch10.1.0milestone11

apache tomcatMatch10.1.0milestone12

apache tomcatMatch10.1.0milestone13

apache tomcatMatch10.1.0milestone14

apache tomcatMatch10.1.0milestone15

apache tomcatMatch10.1.0milestone16

apache tomcatMatch10.1.0milestone17

apache tomcatMatch10.1.0milestone18

apache tomcatMatch10.1.0milestone19

apache tomcatMatch10.1.0milestone20

apache tomcatMatch10.1.0milestone7

apache tomcatMatch10.1.0milestone8

apache tomcatMatch10.1.0milestone9

apache tomcat_nativeRange1.1.23–1.3.7

apache tomcat_nativeRange2.0.0–2.0.14

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "11.0.18",
        "status": "affected",
        "version": "11.0.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.1.52",
        "status": "affected",
        "version": "10.1.0-M7",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.0.115",
        "status": "affected",
        "version": "9.0.83",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.5.100",
        "status": "unaffected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Apache Tomcat Native",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.1.34",
        "status": "affected",
        "version": "1.1.23",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "1.2.39",
        "status": "affected",
        "version": "1.2.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "1.3.6",
        "status": "affected",
        "version": "1.3.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "2.0.13",
        "status": "affected",
        "version": "2.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz
openwall	www.openwall.com/lists/oss-security/2026/04/09/23

14 Apr 2026 13:22Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.19.1

EPSS0.00028

SSVC

CWE-287