Apache releases security advisory for Tomcat
The Apache Software Foundation has released a security advisory to address the vulnerabilities in multiple versions of Tomcat. A remote attacker could exploit these vulnerabilities (CVE-2026-34500, CVE-34487, CVE-34486, CVE-34483) to trigger sensitive information disclosure, remote code execution and security restriction bypass on the targeted system. Apache fixed vulnerabilities in Apache Tomcat versions 11.0.21, 10.1.54, 9.0.117.
Detailed information on vulnerability and updates can be found in Apache’s security advisories – apache.org
15 April 2026