
SUSE 2026 Tomcat 11 Vital Vulnerability Patch 2026-1558-1 Released

April 23, 2026
SUSE has released an advisory rated important that addresses 11 vulnerabilities in tomcat11.
An update that solves 11 vulnerabilities can now be installed.

Summary

This update for tomcat11 fixes the following issues:

Security fixes:

* CVE-2026-24880: Request smuggling via invalid chunk extension (bsc#1261850).

* CVE-2026-25854: Occasionally open redirect (bsc#1261851).

* CVE-2026-29129: TLS cipher order is not preserved (bsc#1261852).

* CVE-2026-29145: OCSP checks sometimes soft-fail even when soft-fail is disabled (bsc#1261853).

* CVE-2026-29146, CVE-2026-34486: Fix for allowed bypass of EncryptInterceptor (bsc#1261854).

* CVE-2026-34483: Incomplete escaping of JSON access logs (bsc#1261855).

* CVE-2026-34487: Cloud membership for clustering component exposed the Kubernetes bearer token (bsc#1261856).

* CVE-2026-34500: OCSP checks sometimes soft-fail with FFM even when soft-fail is disabled (bsc#1261857).

References

* bsc#1258371

* bsc#1261850

* bsc#1261851

* bsc#1261852

* bsc#1261853

* bsc#1261854

* bsc#1261855

* bsc#1261856

* bsc#1261857

Cross-

* CVE-2025-66614

* CVE-2026-24880

* CVE-2026-25854

* CVE-2026-29129

* CVE-2026-29145

* CVE-2026-29146

* CVE-2026-32990

* CVE-2026-34483

* CVE-2026-34486

* CVE-2026-34487

* CVE-2026-34500

CVSS scores:

* CVE-2025-66614 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2025-66614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2025-66614 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

* CVE-2025-66614 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

* CVE-2026-24880 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N


Announcement ID: SUSE-SU-2026:1558-1
Release Date: 2026-04-22T16:24:40Z
Rating: important
