The Apache Software Foundation has published advisories for vulnerabilities in Apache Tomcat (CVE-2026-55957, CVE-2026-55956, CVE-2026-55955, CVE-2026-55276, CVE-2026-53434, CVE-2026-53404, CVE-2026-50229).
Fixed in Apache Tomcat 11.0.23
Fixed in Apache Tomcat 11.0.5
Fixed in Apache Tomcat 10.1.56
Fixed in Apache Tomcat 10.1.39
Fixed in Apache Tomcat 9.0.119
Fixed in Apache Tomcat 9.0.102
Apache Software Foundation Apache Tomcat
Refer to the Apache Tomcat advisories.
Apache Software Foundation
The Apache Software Foundation : [SECURITY] CVE-2026-55957 Apache Tomcat - Authentication bypass with JNDIRealm and GSSAPI authenticated bind
The Apache Software Foundation : [SECURITY] CVE-2026-55956 Apache Tomcat - Security constraints for default servlet ignored method
The Apache Software Foundation : [SECURITY] CVE-2026-55955 Apache Tomcat - EncryptInterceptor not protected against replay attacks
The Apache Software Foundation : [SECURITY] CVE-2026-55276 Apache Tomcat - Logged effective web.xml is incomplete
The Apache Software Foundation : [SECURITY] CVE-2026-53434 Apache Tomcat - Invalid CRL configuration doesn't trigger failure for FFM Connector
The Apache Software Foundation : [SECURITY] CVE-2026-53404 Apache Tomcat - Bad ornext processing in RewriteValve
The Apache Software Foundation : [SECURITY] CVE-2026-50229 Apache Tomcat - XXS in number guess example
The Apache Software Foundation : Fixed in Apache Tomcat 11.0.23
The Apache Software Foundation : Fixed in Apache Tomcat 11.0.5
The Apache Software Foundation : Fixed in Apache Tomcat 10.1.56
The Apache Software Foundation : Fixed in Apache Tomcat 10.1.39
The Apache Software Foundation : Fixed in Apache Tomcat 9.0.119
The Apache Software Foundation : Fixed in Apache Tomcat 9.0.102
CVE-2026-50229 CVE-2026-53404 CVE-2026-53434 CVE-2026-55276 CVE-2026-55955 CVE-2026-55956 CVE-2026-55957
JVN : JVNVU#93304382
[2026-07-02] Published