Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 533
Alerts This Week
Warning Icon 1 533

openSUSE Tomcat11 Moderate Script and Access Issues Vuln 2026-3087-1

opensuse
Calendar Grey July 17, 2026
Scroller Opensuse Esm H88
This update fixes six vulnerabilities in Tomcat 11 and includes one security patch. Get the details and patch instructions.
An update that solves six vulnerabilities and has one security fix can now be installed.

Description

This update for tomcat11 fixes the following issues

Update to Tomcat 11.0.23.

Security issues fixed:

* CVE-2026-50229: improper neutralization of script-related HTML tags in the

number guess example (bsc#1269791).

* CVE-2026-53404: always-incorrect control flow implementation in the rewrite

valve caused non-OR conditions to be skipped if the first condition in an OR

chain matched (bsc#1269910).

* CVE-2026-53434: error condition not handled when configuring CRLs for a FFM

based connector (bsc#1269824).

* CVE-2026-55276: always-incorrect control flow implementation caused special

roles and empty authorization constraints to not be included when the

effective web.xml was logged (bsc#1269909).

* CVE-2026-55955: improper authentication allows a replay attack against the

EncryptionInterceptor in the cluster component (bsc#1269908).

* CVE-2026-55956: improper authorization leads to security constraints

specified for the default servlet ignoring...

Read the Full Advisory

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* Web and Scripting Module 15-SP7

zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-3087=1

* openSUSE Leap 15.6

zypper in -t patch SUSE-2026-3087=1

Package List

* Web and Scripting Module 15-SP7 (noarch)

* tomcat11-11.0.23-150600.13.24.1

* tomcat11-el-6_0-api-11.0.23-150600.13.24.1

* tomcat11-servlet-6_1-api-11.0.23-150600.13.24.1

* tomcat11-lib-11.0.23-150600.13.24.1

* tomcat11-admin-webapps-11.0.23-150600.13.24.1

* tomcat11-jsp-4_0-api-11.0.23-150600.13.24.1

* tomcat11-webapps-11.0.23-150600.13.24.1

* openSUSE Leap 15.6 (noarch)

* tomcat11-jsvc-11.0.23-150600.13.24.1

* tomcat11-docs-webapp-11.0.23-150600.13.24.1

* tomcat11-11.0.23-150600.13.24.1

* tomcat11-el-6_0-api-11.0.23-150600.13.24.1

* tomcat11-servlet-6_1-api-11.0.23-150600.13.24.1

* tomcat11-lib-11.0.23-150600.13.24.1

* tomcat11-admin-webapps-11.0.23-150600.13.24.1

* tomcat11-jsp-4_0-api-11.0.23-150600.13.24.1

* tomcat11-webapps-11.0.23-150600.13.24.1

* tomcat11-embed-11.0.23-150600.13.24.1

* tomcat11-doc-11.0.23-150600.13.24.1

References

* bsc#1232390

* bsc#1269791

* bsc#1269824

* bsc#1269907

* bsc#1269908

* bsc#1269909

* bsc#1269910

## References:

* https://www.suse.com/security/cve/CVE-2026-50229.html

* https://www.suse.com/security/cve/CVE-2026-53404.html

* https://www.suse.com/security/cve/CVE-2026-53434.html

* https://www.suse.com/security/cve/CVE-2026-55276.html

* https://www.suse.com/security/cve/CVE-2026-55955.html

* https://www.suse.com/security/cve/CVE-2026-55956.html

* https://bugzilla.suse.com/show_bug.cgi?id=1232390

* https://bugzilla.suse.com/show_bug.cgi?id=1269791

* https://bugzilla.suse.com/show_bug.cgi?id=1269824

* https://bugzilla.suse.com/show_bug.cgi?id=1269907

* https://bugzilla.suse.com/show_bug.cgi?id=1269908

* https://bugzilla.suse.com/show_bug.cgi?id=1269909

* https://bugzilla.suse.com/show_bug.cgi?id=1269910

Severity
moderate
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:3087-1
Release Date: 2026-07-16T17:56:56Z
Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP7 * SUSE Linux Enterprise Server for SAP Applications 15 SP7 * Web and Scripting Module 15-SP7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.