Explore top 10 tips to secure your open-source projects now. Read More
×
This update for tomcat fixes the following issues
Update to Tomcat 9.0.119.
Security issues fixed:
- CVE-2026-50229: improper neutralization of script-related HTML tags in the number guess example (bsc#1269791).
- CVE-2026-53404: always-incorrect control flow implementation in the rewrite valve caused non-OR conditions to be
skipped if the first condition in an OR chain matched (bsc#1269910).
- CVE-2026-53434: error condition not handled when configuring CRLs for a FFM based connector (bsc#1269824).
- CVE-2026-55276: always-incorrect control flow implementation caused special roles and empty authorization constraints
to not be included when the effective web.xml was logged (bsc#1269909).
- CVE-2026-55955: improper authentication allows a replay attack against the EncryptionInterceptor in the cluster
component (bsc#1269908).
- CVE-2026-55956: improper authorization leads to security constraints specified for the default servlet ignoring any
method or method omission...
Read the Full Advisory- openSUSE Leap 16.0:
tomcat-9.0.119-160000.1.1
tomcat-admin-webapps-9.0.119-160000.1.1
tomcat-docs-webapp-9.0.119-160000.1.1
tomcat-el-3_0-api-9.0.119-160000.1.1
tomcat-embed-9.0.119-160000.1.1
tomcat-javadoc-9.0.119-160000.1.1
tomcat-jsp-2_3-api-9.0.119-160000.1.1
tomcat-jsvc-9.0.119-160000.1.1
tomcat-lib-9.0.119-160000.1.1
tomcat-servlet-4_0-api-9.0.119-160000.1.1
tomcat-webapps-9.0.119-160000.1.1
* bsc#1269791
* bsc#1269824
* bsc#1269907
* bsc#1269908
* bsc#1269909
* bsc#1269910
References:
* https://www.suse.com/security/cve/CVE-2026-50229.html
* https://www.suse.com/security/cve/CVE-2026-53404.html
* https://www.suse.com/security/cve/CVE-2026-53434.html
* https://www.suse.com/security/cve/CVE-2026-55276.html
* https://www.suse.com/security/cve/CVE-2026-55955.html
* https://www.suse.com/security/cve/CVE-2026-55956.html
Get the latest Linux and open source security news straight to your inbox.