CVE-2026-53434
Received - Intake
Error Condition Without Action in Apache Tomcat
Publication date: 2026-06-29
Last updated on: 2026-06-29
Assigner: Apache Software Foundation
Description
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for an FFM-based connector.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118.
Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fixes the issue.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | tomcat | From 11.0.0-m1 (inc) to 11.0.22 (inc) |
| apache | tomcat | From 10.1.0-m7 (inc) to 10.1.55 (inc) |
| apache | tomcat | From 9.0.83 (inc) to 9.0.118 (inc) |
| apache | tomcat | 11.0.23 |
| apache | tomcat | 10.1.56 |
| apache | tomcat | 9.0.119 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-390 | The product detects a specific error, but takes no actions to handle the error. |