Error Condition Detection Issue in Apache Tomcat Connector
CVE-2026-53434

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Tomcat
Vendor: CVE Published:; 29 June 2026

What is CVE-2026-53434?

A vulnerability exists in Apache Tomcat that involves improper error condition detection in the configuration of Certificate Revocation Lists (CRLs) within a FFM-based connector. This issue can lead to security risks if left unaddressed. Users utilizing versions ranging from 11.0.0-M1 to 11.0.22, 10.1.0-M7 to 10.1.55, and 9.0.83 to 9.0.118 are strongly advised to upgrade to the latest releases (11.0.23, 10.1.56, or 9.0.119) to mitigate potential threats.

Affected Version(s)

Apache Tomcat 11.0.0-M1 <= 11.0.22

Apache Tomcat 10.1.0-M7 <= 10.1.55

Apache Tomcat 9.0.83 <= 9.0.118

References

https://lists.apache.org/thread/x510lbq0sfrd1qyo7q3r1mpll...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 29, 2026
Vulnerability Reserved
Jun 9, 2026

CVE-2026-53434 Data

JSON