High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2026-34483

CVSS Score: 7.5 (High)
Published: Apr 09, 2026
Last Modified: Apr 14, 2026

Vulnerability Description

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116.

Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.

CVSS Metrics

Common Vulnerability Scoring System

Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector: N
Attack Complexity: L
Privileges Required: N
User Interaction: N
Scope: U
Confidentiality: H
Integrity: N
Availability: N

Known Affected Software

131 configuration(s) from 1 vendor(s)

This vulnerability affects 131 software configuration(s). Ensure you patch all affected systems.

Available Security Patches

1 patch available from vendors

SUSE: CVE-2026-34483

Severity: Unknown
Released: Apr 16, 2026
Type: Security Update

Severity Details

7.5 out of 10.0 (High)

Weakness Type (CWE)

CWE-116: Improper Encoding or Escaping of Output

Description: The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

Exploit Likelihood: High
Typical Severity: Medium
Abstraction Level: Class

Key Information

Published Date: April 09, 2026