Insufficient Documentation Vulnerability in Apache Tomcat by Apache
CVE-2026-59084

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
14 July 2026

What is CVE-2026-59084?

An issue has been identified in Apache Tomcat that stems from insufficient technical documentation, particularly concerning the secure configuration requirements for the EncryptInterceptor component. This lack of clarity may lead to improper configurations, potentially exposing users to security risks. It affects various versions of Apache Tomcat, and users are advised to upgrade to the latest versions (11.0.24, 10.1.57, or 9.0.120) to remediate this issue.

Affected Version(s)

Apache Tomcat 11.0.0-M1 <= 11.0.23

Apache Tomcat 10.1.0-M1 <= 10.1.56

Apache Tomcat 9.0.13 <= 9.0.119

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

NDIx
.