CVE-2026-53434
CRITICALDescription
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fixes the issue.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| apache | tomcat |
| apache | tomcat |
| apache | tomcat |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2026-53434? +
How severe is CVE-2026-53434? +
What products are affected by CVE-2026-53434? +
How do I check if I'm vulnerable to CVE-2026-53434? +
Related Vulnerabilities
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: propagate nvmet_tcp_build_pdu_iovec() errors to its callers Currently, when nvmet_tcp_build_pdu_iovec() …
Memory corruption during memory assignment to headless peripheral VM due to incorrect error code handling.
Dell Alienware Command Center 6.x (AWCC), versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A …
Envoy is a cloud-native, open-source edge and service proxy. In versions 1.29.0 and 1.29.1, theEnvoy HTTP/2 protocol stack is vulnerable …
A vulnerability was found in OpenSSH when the VerifyHostKeyDNS option is enabled. A machine-in-the-middle attack can be performed by a …
Memory corruption may occur while processing IOCTL call for DMM/WARPNCC CONFIG request.