CVE-2026-29146

🗓️ 09 Apr 2026 19:21:57Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 54 Views

Padding oracle vulnerability in Tomcat EncryptInterceptor with default config; upgrade to fixed.

Reporter	Title	Published	Views	Family All 108
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM DataStax Enterprise	27 May 202617:14	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for April 2026	30 Apr 202611:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat	14 May 202614:09	–	ibm
GithubExploit	Exploit for Missing Encryption of Sensitive Data in Apache Tomcat	15 Apr 202607:30	–	githubexploit
ATTACKERKB	CVE-2026-29146	9 Apr 202619:21	–	attackerkb
ATTACKERKB	CVE-2026-34486	9 Apr 202619:35	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2026-1672)	20 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2026-1673)	20 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : tomcat, --advisory ALAS2TOMCAT9-2026-025 (ALASTOMCAT9-2026-025)	30 Apr 202600:00	–	nessus
Tenable Nessus	Atlassian Confluence 9.1.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103647)	26 May 202600:00	–	nessus

NVD

Vulners

Node

apache tomcatRange7.0.100–7.0.109

apache tomcatRange8.5.38–8.5.100

apache tomcatRange9.0.13–9.0.116

apache tomcatRange10.0.0–10.1.53

apache tomcatRange11.0.0–11.0.20

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "11.0.18",
        "status": "affected",
        "version": "11.0.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.1.52",
        "status": "affected",
        "version": "10.0.0-M1",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.0.115",
        "status": "affected",
        "version": "9.0.13",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.5.100",
        "status": "affected",
        "version": "8.5.38",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "7.0.109",
        "status": "affected",
        "version": "7.0.100",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w
openwall	www.openwall.com/lists/oss-security/2026/04/09/24

14 Apr 2026 12:56Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.5

EPSS0.12311

SSVC