GHSA-x4m4-345f-5h5g
PUBLISHED
CVSS 7.5 HIGH
Apache Tomcat vulnerable to Insertion of Sensitive Information into Log File
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.apache.tomcat:tomcat | 9.0.13, 10.1.0-M1, 11.0.0-M1 |
| Maven | org.apache.tomcat:tomcat-catalina | 10.1.0-M1, 9.0.13, 11.0.0-M1 |
| Maven | org.apache.tomcat.embed:tomcat-embed-core | 9.0.13, 10.1.0-M1, 11.0.0-M1 |
Exploit Intelligence
- .trivyignore.yaml (github-poc)
- .trivyignore.yaml (github-poc)
- suppressions.xml (github-poc)
- suppressions.xml (github-poc)
Timeline
- Apr 9, 2026 CVE Published
- Apr 10, 2026 CVE Updated
- Apr 11, 2026 Security Advisory