2 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-34500
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CLIENTCERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache...
CVE-2026-34486
CVE-2026-34486 is a Tomcat Tribes EncryptInterceptor regression: when decryption fails, the code path previously moved super.messageReceived(msg) outside the try block, causing raw serialized bytes to bypass encryption and reach deserialization, enabling unauthenticated RCE via Java deserializati...