GHSA-RV64-5GF8-9QQ8 Apache Tomcat has an Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve

🗓️ 09 Apr 2026 21:31:30Reported by GoogleType

osv

osv🔗 osv.dev👁 1 Views

Tomcat JsonAccessLogValve has an improper encoding vulnerability; upgrade 11.0.21, 10.1.54 or 9.0.117.

Reporter	Title	Published	Views	Family All 97
IBM Security Bulletins	Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat	14 May 202614:09	–	ibm
IBM Security Bulletins	Security Bulletin: Maximo AI Service uses multiple third party dependencies which are vulnerable to multiple CVEs.	27 May 202616:03	–	ibm
ATTACKERKB	CVE-2026-34483	9 Apr 202619:30	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : tomcat9, tomcat9-admin-webapps, tomcat9-el-3.0-api (ALAS2023-2026-1672)	20 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : tomcat10, tomcat10-admin-webapps, tomcat10-el-5.0-api (ALAS2023-2026-1673)	20 May 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : tomcat, --advisory ALAS2TOMCAT9-2026-025 (ALASTOMCAT9-2026-025)	30 Apr 202600:00	–	nessus
Tenable Nessus	Atlassian Confluence 8.9.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103708)	26 May 202600:00	–	nessus
Tenable Nessus	Atlassian Jira Service Management Data Center and Server 10.0.1 < 10.3.20 / 10.4.0 < 11.3.5 (JSDSERVER-16587)	28 May 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : tomcat11 (openSUSE-SU-2026:20595-1)	23 Apr 202600:00	–	nessus
Tenable Nessus	openSUSE 16 Security Update : tomcat (openSUSE-SU-2026:20611-1)	24 Apr 202600:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-34483
github	www.github.com/apache/tomcat
lists	www.lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b
openwall	www.openwall.com/lists/oss-security/2026/04/09/26

16 Apr 2026 22:29Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.5

EPSS0.00067

apache tomcat json access log improper encoding security vulnerability