Back to overview

CVE-2026-59084

Description
Insufficient Technical Documentation vulnerability in Apache Tomcat since the requirements to securely configure the EncryptInterceptor were not clearly documented. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.23, from 10.1.0-M1 through 10.1.56, from 9.0.13 through 9.0.119, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Other versions that have reached end of support may also be affected. Users are recommended to upgrade to version 11.0.24, 10.1.57 or 9.0.120 which fix the issue.

Metadata

CVE ID
CVE-2026-59084
State
PUBLISHED
Assigner
apache
Reserved
2026-07-02 10:42 UTC
Published
2026-07-14 08:24 UTC
Last updated
2026-07-14 10:33 UTC
Primary CWE
CWE-1059
CWE-1059 Insufficient Technical Documentation
Vendor / Product
Apache Software Foundation / Apache Tomcat
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
Apache Software Foundation Apache Tomcat 11.0.0-M1 ≤ 11.0.23, 10.1.0-M1 ≤ 10.1.56, 9.0.13 ≤ 9.0.119, 8.5.38 ≤ 8.5.100 …
Weakness (CWE)
CWESourceDescription
CWE-1059 cna CWE-1059 Insufficient Technical Documentation
Back to overview