CVE-2026-34500

🗓️ 09 Apr 2026 19:36:52Reported by apacheType

Apache Tomcat OCSP soft-fail bug: client certificate auth may not fail when soft fail is disabled.

Reporter	Title	Published	Views	Family All 105
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat might affect IBM Storage Defender Copy Data Management	4 May 202616:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat	14 May 202614:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in pygments-2.19.2-py3-none-any.whl	17 Jun 202615:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar	17 Jun 202615:30	–	ibm
IBM Security Bulletins	Security Bulletin: The Apache Tomcat application server that is shipped with IBM ApplinX is vulnerable to multiple vulnerabilities.	16 Jun 202617:54	–	ibm
IBM Security Bulletins	Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.	27 May 202616:03	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities found in Watson Data Intelligence	24 Jun 202618:29	–	ibm
IBM Security Bulletins	Security Bulletin: MongoDB Enterprised Advanced affected by: Improper Authentication, Insertion of Sensitive Information into Log File, Improper Encoding or Escaping of Output (CVE-2026-34500, CVE-2026-34487, CVE-2026-34483)	15 Jun 202622:17	–	ibm
ATTACKERKB	CVE-2026-34500	9 Apr 202619:36	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2026-1672)	20 May 202600:00	–	nessus

NVD

Vulners

Node

apache tomcatRange9.0.92–9.0.117

apache tomcatRange10.1.22–10.1.54

apache tomcatRange11.0.1–11.0.21

apache tomcatMatch11.0.0milestone14

apache tomcatMatch11.0.0milestone15

apache tomcatMatch11.0.0milestone16

apache tomcatMatch11.0.0milestone17

apache tomcatMatch11.0.0milestone18

apache tomcatMatch11.0.0milestone19

apache tomcatMatch11.0.0milestone20

apache tomcatMatch11.0.0milestone21

apache tomcatMatch11.0.0milestone22

apache tomcatMatch11.0.0milestone23

apache tomcatMatch11.0.0milestone24

apache tomcatMatch11.0.0milestone25

apache tomcatMatch11.0.0milestone26

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Tomcat",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "11.0.20",
        "status": "affected",
        "version": "11.0.0-M14",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.1.53",
        "status": "affected",
        "version": "10.1.22",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "9.0.116",
        "status": "affected",
        "version": "9.0.92",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2
openwall	www.openwall.com/lists/oss-security/2026/04/09/29

17 Jun 2026 10:39Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.16.5

EPSS0.00469

SSVC

CWE-287