Resource Management Flaw in Apache Tomcat by Apache
CVE-2026-41284

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Tomcat
Vendor: CVE Published:; 12 May 2026

What is CVE-2026-41284?

Apache Tomcat suffers from a vulnerability characterized by the allocation of resources without optimal management or throttling. This issue affects multiple versions of Apache Tomcat, specifically from 11.0.0-M1 to 11.0.21, 10.1.0-M1 to 10.1.54, and 9.0.0.M1 to 9.0.117. Older versions, which are no longer supported, may also see impacts. Users are strongly advised to upgrade to the latest stable version to mitigate this issue.

Affected Version(s)

Apache Tomcat 11.0.0-M1 <= 11.0.21

Apache Tomcat 10.1.0-M1 <= 10.1.54

Apache Tomcat 9.0.0.M1 <= 9.0.117

References

https://lists.apache.org/thread/2nvqjr7ovjmvx2vbhb7s61ycd...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2026
Vulnerability Reserved
Apr 20, 2026

Credit

Dariusz Gońda

CVE-2026-41284 Data

JSON