EUVD-2026-21011

🗓️ 09 Apr 2026 21:31:29Reported by EUVDType

Client certificate authentication may bypass failure with soft fail disabled; upgrade Tomcat and Native to fixed versions.

Reporter	Title	Published	Views	Family All 110
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM DataStax Enterprise	27 May 202617:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar	13 May 202616:45	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat	14 May 202614:09	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Apache Tomcat and Lodash might affect IBM Storage Defender Copy Data Management	4 May 202616:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple issues in tomcat-embed-core [CVE-2026-24880, CVE-2026-25854, CVE-2026-29129, CVE-2026-29145, CVE-2026-29146, CVE-2026-32990, CVE-2026-34483, CVE-2026-34487, CVE-2026-3450]	18 Jun 202619:57	–	ibm
IBM Security Bulletins	Security Bulletin: The Apache Tomcat application server that is shipped with IBM ApplinX is vulnerable to multiple vulnerabilities.	16 Jun 202617:54	–	ibm
IBM Security Bulletins	Security Bulletin: MongoDB Enterprised Advanced affected by: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling'), URL Redirection to Untrusted Site ('Open Redirect'), and 3 more (CVE-2026-24880, CVE-2026-25854, and 3 more)	16 Jun 202614:13	–	ibm
GithubExploit	Exploit for Improper Authentication in Apache Tomcat	23 Apr 202617:26	–	githubexploit
ATTACKERKB	CVE-2026-29145	9 Apr 202619:20	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : tomcat-native (ALAS2023-2026-1595)	30 Apr 202600:00	–	nessus

[
  {
    "enisaIdVendor": [
      {
        "id": "6b541a7f-fd83-33e4-b05a-b15041781135",
        "vendor": {
          "name": "Apache Software Foundation"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "1cecfc8c-8b92-3877-8c53-3e98705dcf7c",
        "product": {
          "name": "Apache Tomcat Native"
        },
        "product_version": "1.3.0 ≤1.3.6"
      },
      {
        "id": "388c9236-9d9d-3cc9-b7ff-87128d68e7e3",
        "product": {
          "name": "Apache Tomcat Native"
        },
        "product_version": "1.1.23 ≤1.1.34"
      },
      {
        "id": "599428d8-334a-39cf-8353-3125f0118298",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "11.0.0-M1 ≤11.0.18"
      },
      {
        "id": "82eae324-25a6-3f2d-8e89-42bae3d032c1",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": ""
      },
      {
        "id": "a922e6a5-476d-35dd-959a-4bf986dcbaec",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "10.1.0-M7 ≤10.1.52"
      },
      {
        "id": "b0415fd9-6485-3017-9e91-2aa1a23f590c",
        "product": {
          "name": "Apache Tomcat"
        },
        "product_version": "9.0.83 ≤9.0.115"
      },
      {
        "id": "c4c9f8f7-e3cc-32b6-94a7-8e205fd82499",
        "product": {
          "name": "Apache Tomcat Native"
        },
        "product_version": "1.2.0 ≤1.2.39"
      },
      {
        "id": "d327702f-0ede-31fa-9899-fb783c05f3a2",
        "product": {
          "name": "Apache Tomcat Native"
        },
        "product_version": "2.0.0 ≤2.0.13"
      }
    ]
  }
]

Source	Link
lists	www.lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-29145

09 Apr 2026 21:31Current

5.8Medium risk

Vulners AI Score5.8

EPSS0.00664