BIT-tomcat-2026-34486 — Vulnetix

BIT-tomcat-2026-34486 PUBLISHED CVSS 7.5 HIGH

Apache Tomcat: Fix for CVE-2026-29146 allowed bypass of EncryptInterceptor

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Bitnami	tomcat	9.0.116, 10.1.53, 11.0.20

Exploit Intelligence

anonmrc/CVE-2026-34486-e-Tomcat-Tribes (github-poc)
anonmrc/CVE-2026-34486-e-Tomcat-Tribes (github-poc-repo)
EncryptInterceptor fail-open bypass in Apache Tomcat Tribes clustering leading to unauthenticated RCE via Java deserialization. (github-poc-repo)
EncryptInterceptor fail-open bypass in Apache Tomcat Tribes clustering leading to unauthenticated RCE via Java deserialization. (github-poc)
CVE labs (github-poc-repo)
CVE-2026-34486 Apache Tomcat EncryptInterceptor 绕过漏洞复现（使用GLM5.1复现完成） (github-poc-repo)
Apache Tomcat EncryptInterceptor Bypass → Unauthenticated RCE (CVE-2026-34486) (github-poc-repo)
Tribes 协议探测 (github-poc-repo)
Tribes 协议探测 (github-poc)
Apache Tomcat EncryptInterceptor Bypass → Unauthenticated RCE (CVE-2026-34486) (github-poc)

…and 9 more exploits

Timeline

Apr 13, 2026 CVE Published
Apr 13, 2026 CVE Updated

References

Open in Interactive Console →

$ Console Community · 100/wk Open console ›