CVE-2026-34500

Sažetak

CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue.

Reference

https://lists.apache.org/thread/7rcl4zdxryc8hy3htyfyxkbqpxjtfdl2
http://www.openwall.com/lists/oss-security/2026/04/09/29

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

10-04-2026 - 00:16

Objavljeno

09-04-2026 - 20:16