CVE-2026-50229
MEDIUMDescription
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Other versions that have reached end of support may also be affected. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2026-50229? +
How severe is CVE-2026-50229? +
What products are affected by CVE-2026-50229? +
How do I check if I'm vulnerable to CVE-2026-50229? +
Related Vulnerabilities
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover …
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the user dashboard's "Seen …
The GDPR cookies module for Backdrop CMS (before 1.x-1.3.5) doesn't sufficiently protect visitors from Cross Site Scripting (XSS) if a …
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. During a recent internal audit, a Cross-Site Scripting …
It is possible to inject HTML code into the page content using the "content" field in the "Application definition" page. …
Anubis is a Web AI Firewall Utility that weighs the soul of users' connections using one or more challenges in …