VDB
DEBIAN-CVE-2026-29129
DEBIAN-CVE-2026-29129
PUBLISHED
CVSS 7.5 HIGH
Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | tomcat10 | 10.1.9-1, 10.1.6-1, 10.1.6-1 |
| Debian:14 | tomcat11 | 11.0.11-1, 11.0.15-1, 11.0.15-1 |
| Debian:11 | tomcat9 | 9.0.43-3, 0, 9.0.43-2~deb11u1 |
| Debian:13 | tomcat11 | 11.0.21-1, 11.0.11-1, 11.0.15-1 |
| Debian:14 | tomcat10 | 10.1.52-1, 0, 10.1.40-1 |
| Debian:13 | tomcat10 | 10.1.52-1, 10.1.52-1, 10.1.52-1 |
| Debian:12 | tomcat9 | 0, 0 |
| Debian:14 | tomcat9 | 0, 0 |
| Debian:13 | tomcat9 | 0, 0 |
Exploit Intelligence
- suppressions.xml (github-poc)
Timeline
- Apr 9, 2026 CVE Published
- Apr 28, 2026 CVE Updated