Improper URL Encoding Handling in Apache Tomcat Affects Key Versions
CVE-2026-59083
Currently unrated
What is CVE-2026-59083?
A vulnerability exists in Apache Tomcat's rewrite valve that allows for security constraint bypass due to improper handling of URL encoding (hex encoding). This issue affects multiple versions of Apache Tomcat, potentially exposing applications to unauthorized access. It is critical for users to update to the latest versions (11.0.24, 10.1.57, or 9.0.120) to mitigate this risk.
Affected Version(s)
Apache Tomcat 11.0.0-M1 <= 11.0.23
Apache Tomcat 10.1.0-M1 <= 10.1.56
Apache Tomcat 9.0.0.M1 <= 9.0.119