SUSE CVE-2026-29146

🗓️ 10 Apr 2026 23:26:16Reported by Suse CVEType

susecve

susecve🔗 www.suse.com👁 7 Views

Padding Oracle vulnerability in Tomcat EncryptInterceptor; upgrade to fixed Tomcat versions.

Reporter	Title	Published	Views	Family All 118
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM DataStax Enterprise	27 May 202617:14	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining Interim Fix for April 2026	30 Apr 202611:49	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Integration Bus for z/OS is vulnerable to multiple vulnerabilities due to Apache Tomcat	14 May 202614:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in tomcat-embed-core-11.0.18.jar	17 Jun 202615:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple issues in tomcat-embed-core [CVE-2026-24880, CVE-2026-25854, CVE-2026-29129, CVE-2026-29145, CVE-2026-29146, CVE-2026-32990, CVE-2026-34483, CVE-2026-34487, CVE-2026-3450]	18 Jun 202619:57	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Spring, Tomcat, Netty, Picomatch might affect IBM Storage Protect Plus	25 Jun 202618:37	–	ibm
IBM Security Bulletins	Security Bulletin: The Apache Tomcat application server that is shipped with IBM ApplinX is vulnerable to multiple vulnerabilities.	16 Jun 202617:54	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Tomcat affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.	22 Jun 202613:42	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in tomcat-embed-core-9.0.115.jar	23 Jun 202612:39	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities found in Watson Data Intelligence	24 Jun 202618:29	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
OpenSUSE Tumbleweed	–	any	tomcat	9.0.117-1.1	tomcat-9.0.117-1.1.noarch.rpm
SUSE Linux Enterprise Server	15.4	any	tomcat	9.0.117-150200.105.1	tomcat-9.0.117-150200.105.1.noarch.rpm
SUSE Linux Enterprise Server	15.5	any	tomcat	9.0.117-150200.105.1	tomcat-9.0.117-150200.105.1.noarch.rpm
SUSE Linux Enterprise Server	15.6	any	tomcat	9.0.117-150200.105.1	tomcat-9.0.117-150200.105.1.noarch.rpm
SUSE Linux Enterprise Server	15.7	any	tomcat	9.0.117-150200.105.1	tomcat-9.0.117-150200.105.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.4	any	tomcat	9.0.117-150200.105.1	tomcat-9.0.117-150200.105.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.5	any	tomcat	9.0.117-150200.105.1	tomcat-9.0.117-150200.105.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.6	any	tomcat	9.0.117-150200.105.1	tomcat-9.0.117-150200.105.1.noarch.rpm
SUSE Linux Enterprise Server for SAP applications	15.7	any	tomcat	9.0.117-150200.105.1	tomcat-9.0.117-150200.105.1.noarch.rpm
OpenSUSE Leap	16.0	any	tomcat	9.0.117-160000.1.1	tomcat-9.0.117-160000.1.1.noarch.rpm

Source	Link
suse	www.suse.com/security/cve/CVE-2026-29146
suse	www.suse.com/support/security/rating/
bugzilla	www.bugzilla.suse.com/1261854
bugzilla	www.bugzilla.suse.com/1265977
bugzilla	www.bugzilla.suse.com/1265978
lists	www.lists.suse.com/pipermail/sle-updates/2026-April/045876.html
lists	www.lists.suse.com/pipermail/sle-updates/2026-April/045917.html
lists	www.lists.suse.com/pipermail/sle-updates/2026-April/045937.html
lists	www.lists.suse.com/pipermail/sle-updates/2026-April/045936.html
lists	www.lists.suse.com/pipermail/sle-updates/2026-April/046075.html

27 Jun 2026 02:03Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.17.5

EPSS0.03645

padding oracle tomcat vulnerability encrypt interceptor default configuration upgrade recommended