CVE Catalog

CVE-2026-53434

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile — higher than 29% of all known CVEs

Summary

A vulnerability was found in Apache Tomcat where a detection of error condition without action occurs when configuring CRLs for a FFM based connector. Affected versions are from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, and from 9.0.83 through 9.0.118.

Risk Assessment

The organization may face improper certificate validation, potentially allowing revoked certificates to be accepted, compromising communication security.

Recommendation

Upgrade Apache Tomcat to version 11.0.23, 10.1.56, or 9.0.119 immediately, as these versions contain the fix for this vulnerability.

Original NVD description (English source)

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS