Insufficient Documentation Vulnerability in Apache Tomcat by Apache
CVE-2026-59084
Currently unrated
What is CVE-2026-59084?
An issue has been identified in Apache Tomcat that stems from insufficient technical documentation, particularly concerning the secure configuration requirements for the EncryptInterceptor component. This lack of clarity may lead to improper configurations, potentially exposing users to security risks. It affects various versions of Apache Tomcat, and users are advised to upgrade to the latest versions (11.0.24, 10.1.57, or 9.0.120) to remediate this issue.
Affected Version(s)
Apache Tomcat 11.0.0-M1 <= 11.0.23
Apache Tomcat 10.1.0-M1 <= 10.1.56
Apache Tomcat 9.0.13 <= 9.0.119