Improper Input Validation in Apache Tomcat Native and Apache Tomcat
CVE-2026-24734
Key Information:
- Vendor: Apache
- CVE Published: 17 February 2026
What is CVE-2026-24734?
An improper input validation vulnerability has been identified in Apache Tomcat Native and Apache Tomcat: the lack of verification and freshness checks on OCSP responses could allow attackers to bypass certificate revocation mechanisms. The issue affects specific versions of both Apache Tomcat Native and Apache Tomcat and poses a security risk to users who have not updated to the recommended versions. To mitigate it, users are urged to upgrade Tomcat Native to 1.3.5 or later and Apache Tomcat to 11.0.18 or later, 10.1.52 or later, or 9.0.115 or later.

Affected Version(s)
Apache Tomcat 11.0.0-M1 <= 11.0.17
Apache Tomcat 10.1.0-M7 <= 10.1.51
Apache Tomcat 9.0.83 <= 9.0.114
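
To triage an inventory against the ranges above, the following added example (not part of the advisory and not Apache code) classifies a reported Tomcat version string, including milestone builds such as `10.1.0-M7`. The function names, status labels and sample inventory are assumptions made for illustration; Tomcat Native is not covered because this page gives only its fixed version (1.3.5), not an affected range.

```python
import re

# Ranges and fixed releases exactly as listed in this advisory.
# (major, minor) branch -> (first affected, last affected, fixed release)
AFFECTED = {
    (11, 0): ("11.0.0-M1", "11.0.17", "11.0.18"),
    (10, 1): ("10.1.0-M7", "10.1.51", "10.1.52"),
    (9, 0): ("9.0.83", "9.0.114", "9.0.115"),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?")
_RELEASE = 10**6  # makes a final release sort after every milestone build


def parse_version(text):
    """Extract a sortable key from strings such as 'Apache Tomcat/10.1.0-M7'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Tomcat version found in {text!r}")
    major, minor, patch, milestone = m.groups()
    return (int(major), int(minor), int(patch),
            int(milestone) if milestone else _RELEASE)


def triage(version_text):
    """Return (status, fixed_release) for one reported Tomcat version."""
    key = parse_version(version_text)
    branch = AFFECTED.get(key[:2])
    if branch is None:
        return ("not-listed", None)   # branch does not appear in the advisory
    first, last, fixed = branch
    if parse_version(first) <= key <= parse_version(last):
        return ("affected", fixed)
    if key >= parse_version(fixed):
        return ("fixed", fixed)
    return ("not-listed", fixed)      # older than the first listed version


# Constructed inventory lines (not taken from any real host).
SAMPLE_INVENTORY = [
    "Apache Tomcat/9.0.114",
    "Apache Tomcat/10.1.52",
    "Apache Tomcat/11.0.0-M1",
]

if __name__ == "__main__":
    for line in SAMPLE_INVENTORY:
        print(line, "->", triage(line))
```

A `not-listed` result only means the version falls outside the ranges shown on this page; it is not a statement that the release is unaffected.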