Vulnerability-Lookup

WID-SEC-W-2026-1608

Vulnerability from csaf_certbund - Published: 2026-05-19 22:00 - Updated: 2026-05-20 22:00

Summary

Atlassian Produkte (Bamboo, Bitbucket, Confluence, Crucible, Fisheye und Jira): Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet. Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle. Confluence ist eine kommerzielle Wiki-Software. Crucible ist eine Code-Review-Lösung für Unternehmensteams. Fisheye ist ein Quellcode-Repository-Browser für Unternehmensteams. Jira ist eine Webanwendung zur Softwareentwicklung.

Angriff: Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence, Atlassian Crucible, Atlassian Fisheye und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuführen, um einen Denial of Service Angriff durchzuführen, um Informationen offenzulegen, um einen Cross-Site Scripting Angriff durchzuführen, und um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme: - Linux - Sonstiges - UNIX - Windows

CVE-2019-13990

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2022-1471

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2022-23521

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2022-41903

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2023-22518

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2023-22522

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2023-22523

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2023-22524

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2023-22527

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2023-24998

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2023-46604

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2024-45801

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2025-52999

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2025-67030

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-22029

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-22732

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-24734

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-24880

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-25639

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-26960

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-27727

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-27830

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-29062

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-29129

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-29145

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-29146

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-29786

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-31802

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-33750

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-34483

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-34487

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-39304

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-42198

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

CVE-2026-5598

Affected products

Known affected 13 products

Product	Identifier	Version
Atlassian Bamboo Data Center LTS <12.1.7 Atlassian / Bamboo		Data Center LTS <12.1.7
Atlassian Jira Data Center LTS <10.3.20 Atlassian / Jira		Data Center LTS <10.3.20
Atlassian Jira Data Center LTS <11.3.5 Atlassian / Jira		Data Center LTS <11.3.5
Atlassian Fisheye <4.9.10 Atlassian / Fisheye		<4.9.10
Atlassian Crucible <4.9.10 Atlassian / Crucible		<4.9.10
Atlassian Confluence Data Center LTS <9.2.20 Atlassian / Confluence		Data Center LTS <9.2.20
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Atlassian Confluence Data Center LTS <10.2.11 Atlassian / Confluence		Data Center LTS <10.2.11
Atlassian Bitbucket Data Center LTS <9.4.19 Atlassian / Bitbucket		Data Center LTS <9.4.19
Atlassian Bitbucket Data Center LTS <10.2.2 Atlassian / Bitbucket		Data Center LTS <10.2.2
Atlassian Bamboo Data Center LTS <9.6.26 Atlassian / Bamboo		Data Center LTS <9.6.26
Atlassian Bamboo Data Center LTS <10.2.19 Atlassian / Bamboo		Data Center LTS <10.2.19
Atlassian Jira LTS <9.12.35 Atlassian / Jira		LTS <9.12.35

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://confluence.atlassian.com/security/securit…	external
https://access.redhat.com/errata/RHSA-2026:19098	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nCrucible ist eine Code-Review-L\u00f6sung f\u00fcr Unternehmensteams.\r\nFisheye ist ein Quellcode-Repository-Browser f\u00fcr Unternehmensteams. \r\nJira ist eine Webanwendung zur Softwareentwicklung.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence, Atlassian Crucible, Atlassian Fisheye und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um einen Denial of Service Angriff durchzuf\u00fchren, um Informationen offenzulegen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren, und um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1608 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1608.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1608 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1608"
      },
      {
        "category": "external",
        "summary": "Atlassian Security Bulletin Mai vom 2026-05-19",
        "url": "https://confluence.atlassian.com/security/security-bulletin-may-19-2026-1786839142.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:19098 vom 2026-05-20",
        "url": "https://access.redhat.com/errata/RHSA-2026:19098"
      }
    ],
    "source_lang": "en-US",
    "title": "Atlassian Produkte (Bamboo, Bitbucket, Confluence, Crucible, Fisheye und Jira): Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-20T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-21T07:35:45.292+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1608",
      "initial_release_date": "2026-05-19T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-05-19T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-05-20T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c12.1.7",
                "product": {
                  "name": "Atlassian Bamboo Data Center LTS \u003c12.1.7",
                  "product_id": "T054387"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 12.1.7",
                "product": {
                  "name": "Atlassian Bamboo Data Center LTS 12.1.7",
                  "product_id": "T054387-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center_lts__12.1.7"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c10.2.19",
                "product": {
                  "name": "Atlassian Bamboo Data Center LTS \u003c10.2.19",
                  "product_id": "T054388"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 10.2.19",
                "product": {
                  "name": "Atlassian Bamboo Data Center LTS 10.2.19",
                  "product_id": "T054388-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center_lts__10.2.19"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c9.6.26",
                "product": {
                  "name": "Atlassian Bamboo Data Center LTS \u003c9.6.26",
                  "product_id": "T054389"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 9.6.26",
                "product": {
                  "name": "Atlassian Bamboo Data Center LTS 9.6.26",
                  "product_id": "T054389-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bamboo:data_center_lts__9.6.26"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bamboo"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c10.2.2",
                "product": {
                  "name": "Atlassian Bitbucket Data Center LTS \u003c10.2.2",
                  "product_id": "T054391"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 10.2.2",
                "product": {
                  "name": "Atlassian Bitbucket Data Center LTS 10.2.2",
                  "product_id": "T054391-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:data_center_lts__10.2.2"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c9.4.19",
                "product": {
                  "name": "Atlassian Bitbucket Data Center LTS \u003c9.4.19",
                  "product_id": "T054392"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 9.4.19",
                "product": {
                  "name": "Atlassian Bitbucket Data Center LTS 9.4.19",
                  "product_id": "T054392-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:bitbucket:data_center_lts__9.4.19"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Bitbucket"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c10.2.11",
                "product": {
                  "name": "Atlassian Confluence Data Center LTS \u003c10.2.11",
                  "product_id": "T054393"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 10.2.11",
                "product": {
                  "name": "Atlassian Confluence Data Center LTS 10.2.11",
                  "product_id": "T054393-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center_lts__10.2.11"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c9.2.20",
                "product": {
                  "name": "Atlassian Confluence Data Center LTS \u003c9.2.20",
                  "product_id": "T054394"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 9.2.20",
                "product": {
                  "name": "Atlassian Confluence Data Center LTS 9.2.20",
                  "product_id": "T054394-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:confluence:data_center_lts__9.2.20"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Confluence"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.9.10",
                "product": {
                  "name": "Atlassian Crucible \u003c4.9.10",
                  "product_id": "T054395"
                }
              },
              {
                "category": "product_version",
                "name": "4.9.10",
                "product": {
                  "name": "Atlassian Crucible 4.9.10",
                  "product_id": "T054395-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:crucible:4.9.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Crucible"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.9.10",
                "product": {
                  "name": "Atlassian Fisheye \u003c4.9.10",
                  "product_id": "T054396"
                }
              },
              {
                "category": "product_version",
                "name": "4.9.10",
                "product": {
                  "name": "Atlassian Fisheye 4.9.10",
                  "product_id": "T054396-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:fisheye:4.9.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Fisheye"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c11.3.5",
                "product": {
                  "name": "Atlassian Jira Data Center LTS \u003c11.3.5",
                  "product_id": "T054397"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 11.3.5",
                "product": {
                  "name": "Atlassian Jira Data Center LTS 11.3.5",
                  "product_id": "T054397-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:data_center_lts__11.3.5"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Data Center LTS \u003c10.3.20",
                "product": {
                  "name": "Atlassian Jira Data Center LTS \u003c10.3.20",
                  "product_id": "T054398"
                }
              },
              {
                "category": "product_version",
                "name": "Data Center LTS 10.3.20",
                "product": {
                  "name": "Atlassian Jira Data Center LTS 10.3.20",
                  "product_id": "T054398-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:data_center_lts__10.3.20"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "LTS \u003c9.12.35",
                "product": {
                  "name": "Atlassian Jira LTS \u003c9.12.35",
                  "product_id": "T054399"
                }
              },
              {
                "category": "product_version",
                "name": "LTS 9.12.35",
                "product": {
                  "name": "Atlassian Jira LTS 9.12.35",
                  "product_id": "T054399-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:atlassian:jira:lts__9.12.35"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Jira"
          }
        ],
        "category": "vendor",
        "name": "Atlassian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-13990",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2019-13990"
    },
    {
      "cve": "CVE-2022-1471",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2022-1471"
    },
    {
      "cve": "CVE-2022-23521",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2022-23521"
    },
    {
      "cve": "CVE-2022-41903",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2022-41903"
    },
    {
      "cve": "CVE-2023-22518",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2023-22518"
    },
    {
      "cve": "CVE-2023-22522",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2023-22522"
    },
    {
      "cve": "CVE-2023-22523",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2023-22523"
    },
    {
      "cve": "CVE-2023-22524",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2023-22524"
    },
    {
      "cve": "CVE-2023-22527",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2023-22527"
    },
    {
      "cve": "CVE-2023-24998",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2023-24998"
    },
    {
      "cve": "CVE-2023-46604",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2023-46604"
    },
    {
      "cve": "CVE-2024-45801",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2024-45801"
    },
    {
      "cve": "CVE-2025-52999",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2025-52999"
    },
    {
      "cve": "CVE-2025-67030",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2025-67030"
    },
    {
      "cve": "CVE-2026-22029",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-22029"
    },
    {
      "cve": "CVE-2026-22732",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-22732"
    },
    {
      "cve": "CVE-2026-24734",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-24734"
    },
    {
      "cve": "CVE-2026-24880",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-24880"
    },
    {
      "cve": "CVE-2026-25639",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-25639"
    },
    {
      "cve": "CVE-2026-26960",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-26960"
    },
    {
      "cve": "CVE-2026-27727",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-27727"
    },
    {
      "cve": "CVE-2026-27830",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-27830"
    },
    {
      "cve": "CVE-2026-29062",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-29062"
    },
    {
      "cve": "CVE-2026-29129",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-29129"
    },
    {
      "cve": "CVE-2026-29145",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-29145"
    },
    {
      "cve": "CVE-2026-29146",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-29146"
    },
    {
      "cve": "CVE-2026-29786",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-29786"
    },
    {
      "cve": "CVE-2026-31802",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-31802"
    },
    {
      "cve": "CVE-2026-33750",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-33750"
    },
    {
      "cve": "CVE-2026-34483",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-34483"
    },
    {
      "cve": "CVE-2026-34487",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-34487"
    },
    {
      "cve": "CVE-2026-39304",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-39304"
    },
    {
      "cve": "CVE-2026-42198",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-42198"
    },
    {
      "cve": "CVE-2026-5598",
      "product_status": {
        "known_affected": [
          "T054387",
          "T054398",
          "T054397",
          "T054396",
          "T054395",
          "T054394",
          "67646",
          "T054393",
          "T054392",
          "T054391",
          "T054389",
          "T054388",
          "T054399"
        ]
      },
      "release_date": "2026-05-19T22:00:00.000+00:00",
      "title": "CVE-2026-5598"
    }
  ]
}

CVE-2026-27727 (GCVE-0-2026-27727)

Vulnerability from cvelistv5 – Published: 2026-02-25 16:01 – Updated: 2026-02-25 20:15

Title

mchange-commons-java: Remote Code Execution via JNDI Reference Resolution

Summary

mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote `factoryClassLocation` values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an application to read a maliciously crafted `jaxax.naming.Reference` or serialized object, they can provoke the download and execution of malicious code. Implementations of this functionality within the JDK were disabled by default behind a System property that defaults to `false`, `com.sun.jndi.ldap.object.trustURLCodebase`. However, since mchange-commons-java includes an independent implementation of JNDI derefencing, libraries (such as c3p0) that resolve references via that implementation could be provoked to download and execute malicious code even after the JDK was hardened. Mirroring the JDK patch, mchange-commons-java's JNDI functionality is gated by configuration parameters that default to restrictive values starting in version 0.4.0. No known workarounds are available. Versions prior to 0.4.0 should be avoided on application CLASSPATHs.

Severity ?

8.9 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/swaldman/mchange-commons-java/…	x_refsource_CONFIRM
https://mogwailabs.de/en/blog/2025/02/c3p0-you-li…	x_refsource_MISC
https://www.mchange.com/projects/c3p0/#configurin…	x_refsource_MISC
https://www.mchange.com/projects/c3p0/#security-note	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
swaldman	mchange-commons-java	Affected: < 0.4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27727",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-25T20:13:53.240165Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-25T20:15:05.299Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "mchange-commons-java",
          "vendor": "swaldman",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "mchange-commons-java, a library that provides Java utilities, includes code that mirrors early implementations of JNDI functionality, including support for remote `factoryClassLocation` values, by which code can be downloaded and invoked within a running application. If an attacker can provoke an application to read a maliciously crafted `jaxax.naming.Reference` or serialized object, they can provoke the download and execution of malicious code. Implementations of this functionality within the JDK were disabled by default behind a System property that defaults to `false`, `com.sun.jndi.ldap.object.trustURLCodebase`. However, since mchange-commons-java includes an independent implementation of JNDI derefencing, libraries (such as c3p0) that resolve references via that implementation could be provoked to download and execute malicious code even after the JDK was hardened. Mirroring the JDK patch, mchange-commons-java\u0027s JNDI functionality is gated by configuration parameters that default to restrictive values starting in version 0.4.0. No known workarounds are available. Versions prior to 0.4.0 should be avoided on application CLASSPATHs."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "privilegesRequired": "HIGH",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-25T16:01:04.187Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/swaldman/mchange-commons-java/security/advisories/GHSA-m2cm-222f-qw44",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/swaldman/mchange-commons-java/security/advisories/GHSA-m2cm-222f-qw44"
        },
        {
          "name": "https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal"
        },
        {
          "name": "https://www.mchange.com/projects/c3p0/#configuring_security",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mchange.com/projects/c3p0/#configuring_security"
        },
        {
          "name": "https://www.mchange.com/projects/c3p0/#security-note",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mchange.com/projects/c3p0/#security-note"
        }
      ],
      "source": {
        "advisory": "GHSA-m2cm-222f-qw44",
        "discovery": "UNKNOWN"
      },
      "title": "mchange-commons-java: Remote Code Execution via JNDI Reference Resolution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-27727",
    "datePublished": "2026-02-25T16:01:04.187Z",
    "dateReserved": "2026-02-23T18:37:14.789Z",
    "dateUpdated": "2026-02-25T20:15:05.299Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-27830 (GCVE-0-2026-27830)

Vulnerability from cvelistv5 – Published: 2026-02-26 00:45 – Updated: 2026-05-04 19:40

Title

c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property

Summary

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property called `userOverridesAsString` which conceptually represents a `Map<String,Map<String,String>>`. Prior to v0.12.0, that property was maintained as a hex-encoded serialized object. Any attacker able to reset this property, on an existing `ConnectionPoolDataSource` or via maliciously crafted serialized objects or `javax.naming.Reference` instances could be tailored execute unexpected code on the application's `CLASSPATH`. The danger of this vulnerability was strongly magnified by vulnerabilities in c3p0's main dependency, mchange-commons-java. This library includes code that mirrors early implementations of JNDI functionality, including ungated support for remote `factoryClassLocation` values. Attackers could set c3p0's `userOverridesAsString` hex-encoded serialized objects that include objects "indirectly serialized" via JNDI references. Deserialization of those objects and dereferencing of the embedded `javax.naming.Reference` objects could provoke download and execution of malicious code from a remote `factoryClassLocation`. Although hazard presented by c3p0's vulnerabilites are exarcerbated by vulnerabilities in mchange-commons-java, use of Java-serialized-object hex as the format for a writable Java-Bean property, of objects that may be exposed across JNDI interfaces, represents a serious independent fragility. The `userOverridesAsString` property of c3p0 `ConnectionPoolDataSource` classes has been reimplemented to use a safe CSV-based format, rather than rely upon potentially dangerous Java object deserialization. c3p0-0.12.0+ and above depend upon mchange-commons-java 0.4.0+, which gates support for remote `factoryClassLocation` values by configuration parameters that default to restrictive values. c3p0 additionally enforces the new mchange-commons-java `com.mchange.v2.naming.nameGuardClassName` to prevent injection of unexpected, potentially remote JNDI names. There is no supported workaround for versions of c3p0 prior to 0.12.0.

Severity ?

8.9 (High)


                        
                          CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

CWE

CWE-502 - Deserialization of Untrusted Data
CWE-94 - Improper Control of Generation of Code ('Code Injection')

Assigner

GitHub_M

References

5 references

URL	Tags
https://github.com/swaldman/c3p0/security/advisor…	x_refsource_CONFIRM
https://github.com/swaldman/c3p0/commit/e14cbd816…	x_refsource_MISC
https://mogwailabs.de/en/blog/2025/02/c3p0-you-li…	x_refsource_MISC
https://www.mchange.com/projects/c3p0/#configurin…	x_refsource_MISC
https://www.mchange.com/projects/c3p0/#security-note	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
swaldman	c3p0	Affected: < 0.12.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-27830",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-02T03:55:34.556407Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-04T19:40:49.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "c3p0",
          "vendor": "swaldman",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.12.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and `javax.naming.Reference` instances. Several c3p0 `ConnectionPoolDataSource` implementations have a property called `userOverridesAsString` which conceptually represents a `Map\u003cString,Map\u003cString,String\u003e\u003e`. Prior to v0.12.0, that property was maintained as a hex-encoded serialized object. Any attacker able to reset this property, on an existing `ConnectionPoolDataSource` or via maliciously crafted serialized objects or `javax.naming.Reference` instances could be tailored execute unexpected code on the application\u0027s `CLASSPATH`. The danger of this vulnerability was strongly magnified by vulnerabilities in c3p0\u0027s main dependency, mchange-commons-java. This library includes code that mirrors early implementations of JNDI functionality, including ungated support for remote `factoryClassLocation` values. Attackers could set c3p0\u0027s `userOverridesAsString` hex-encoded serialized objects that include objects \"indirectly serialized\" via JNDI references. Deserialization of those objects and dereferencing of the embedded `javax.naming.Reference` objects could provoke download and execution of malicious code from a remote `factoryClassLocation`. Although hazard presented by c3p0\u0027s vulnerabilites are exarcerbated by vulnerabilities in mchange-commons-java, use of Java-serialized-object hex as the format for a writable Java-Bean property, of objects that may be exposed across JNDI interfaces, represents a serious independent fragility. The `userOverridesAsString` property of c3p0 `ConnectionPoolDataSource` classes has been reimplemented to use a safe CSV-based format, rather than rely upon potentially dangerous Java object deserialization. c3p0-0.12.0+ and above depend upon mchange-commons-java 0.4.0+, which gates support for remote `factoryClassLocation` values by configuration parameters that default to restrictive values. c3p0 additionally enforces the new mchange-commons-java `com.mchange.v2.naming.nameGuardClassName` to prevent injection of unexpected, potentially remote JNDI names. There is no supported workaround for versions of c3p0 prior to 0.12.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "ADJACENT",
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "privilegesRequired": "LOW",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-26T00:45:18.222Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/swaldman/c3p0/security/advisories/GHSA-5476-xc4j-rqcv",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/swaldman/c3p0/security/advisories/GHSA-5476-xc4j-rqcv"
        },
        {
          "name": "https://github.com/swaldman/c3p0/commit/e14cbd8166e423e2e9a9d6f08b2add3433492d6e",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/swaldman/c3p0/commit/e14cbd8166e423e2e9a9d6f08b2add3433492d6e"
        },
        {
          "name": "https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mogwailabs.de/en/blog/2025/02/c3p0-you-little-rascal"
        },
        {
          "name": "https://www.mchange.com/projects/c3p0/#configuring_security",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mchange.com/projects/c3p0/#configuring_security"
        },
        {
          "name": "https://www.mchange.com/projects/c3p0/#security-note",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mchange.com/projects/c3p0/#security-note"
        }
      ],
      "source": {
        "advisory": "GHSA-5476-xc4j-rqcv",
        "discovery": "UNKNOWN"
      },
      "title": "c3p0 vulnerable to Remote Code Execution via unsafe deserialization of userOverridesAsString property"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-27830",
    "datePublished": "2026-02-26T00:45:18.222Z",
    "dateReserved": "2026-02-24T02:32:39.800Z",
    "dateUpdated": "2026-05-04T19:40:49.642Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-29062 (GCVE-0-2026-29062)

Vulnerability from cvelistv5 – Published: 2026-03-06 07:14 – Updated: 2026-03-09 20:02

Title

jackson-core: Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion

Summary

jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constraint (default: 500) defined in StreamReadConstraints. A similar issue was found in ReaderBasedJsonParser. This allows a user to supply a JSON document with excessive nesting, which can cause a StackOverflowError when the structure is processed, leading to a Denial of Service (DoS). This issue has been patched in version 3.1.0.

Severity ?

8.7 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

GitHub_M

References

3 references

URL	Tags
https://github.com/FasterXML/jackson-core/securit…	x_refsource_CONFIRM
https://github.com/FasterXML/jackson-core/pull/1554	x_refsource_MISC
https://github.com/FasterXML/jackson-core/commit/…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FasterXML	jackson-core	Affected: >= 3.0.0, < 3.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-29062",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-09T20:02:22.373094Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-09T20:02:33.039Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jackson-core",
          "vendor": "FasterXML",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "jackson-core contains core low-level incremental (\"streaming\") parser and generator abstractions used by Jackson Data Processor. From version 3.0.0 to before version 3.1.0, the UTF8DataInputJsonParser, which is used when parsing from a java.io.DataInput source, bypasses the maxNestingDepth constraint (default: 500) defined in StreamReadConstraints. A similar issue was found in ReaderBasedJsonParser. This allows a user to supply a JSON document with excessive nesting, which can cause a StackOverflowError when the structure is processed, leading to a Denial of Service (DoS). This issue has been patched in version 3.1.0."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-06T07:14:25.059Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-6v53-7c9g-w56r",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-core/security/advisories/GHSA-6v53-7c9g-w56r"
        },
        {
          "name": "https://github.com/FasterXML/jackson-core/pull/1554",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-core/pull/1554"
        },
        {
          "name": "https://github.com/FasterXML/jackson-core/commit/8b25fd67f20583e75fb09564ce1eaab06cd5a902",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-core/commit/8b25fd67f20583e75fb09564ce1eaab06cd5a902"
        }
      ],
      "source": {
        "advisory": "GHSA-6v53-7c9g-w56r",
        "discovery": "UNKNOWN"
      },
      "title": "jackson-core: Nesting Depth Constraint Bypass in `UTF8DataInputJsonParser` potentially allowing Resource Exhaustion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-29062",
    "datePublished": "2026-03-06T07:14:25.059Z",
    "dateReserved": "2026-03-03T17:50:11.245Z",
    "dateUpdated": "2026-03-09T20:02:33.039Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-29129 (GCVE-0-2026-29129)

Vulnerability from cvelistv5 – Published: 2026-04-09 19:19 – Updated: 2026-04-10 18:06

Title

Apache Tomcat: TLS cipher order is not preserved

Summary

Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.

Severity ?

No CVSS data available.

CWE

Configured cipher preference order not preserved

Assigner

apache

References

1 reference

URL	Tags
https://lists.apache.org/thread/r4h1t6f8xhxsxfm6c…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Tomcat	Affected: 11.0.16 , ≤ 11.0.18 (semver) Affected: 10.1.51 , ≤ 10.1.52 (semver) Affected: 9.0.114 , ≤ 9.0.115 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-09T23:15:48.414Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/09/22"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-29129",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-10T18:05:39.544150Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-327",
                "description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T18:06:45.771Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "11.0.18",
              "status": "affected",
              "version": "11.0.16",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.52",
              "status": "affected",
              "version": "10.1.51",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.115",
              "status": "affected",
              "version": "9.0.114",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eConfigured cipher preference order not preserved vulnerability in Apache Tomcat.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.\u003c/p\u003e"
            }
          ],
          "value": "Configured cipher preference order not preserved vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Configured cipher preference order not preserved",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-09T19:19:40.645Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/r4h1t6f8xhxsxfm6c2z5cprolsosho3f"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Tomcat: TLS cipher order is not preserved",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-29129",
    "datePublished": "2026-04-09T19:19:40.645Z",
    "dateReserved": "2026-03-04T08:16:56.456Z",
    "dateUpdated": "2026-04-10T18:06:45.771Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-29145 (GCVE-0-2026-29145)

Vulnerability from cvelistv5 – Published: 2026-04-09 19:20 – Updated: 2026-04-10 18:11

Title

Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled

Summary

CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13. Users are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.

Severity ?

No CVSS data available.

CWE

CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled

Assigner

apache

References

1 reference

URL	Tags
https://lists.apache.org/thread/yz5fxmhd2j43wgqyk…	vendor-advisory

Impacted products

2 products

Vendor	Product	Version
Apache Software Foundation	Apache Tomcat	Affected: 11.0.0-M1 , ≤ 11.0.18 (semver) Affected: 10.1.0-M7 , ≤ 10.1.52 (semver) Affected: 9.0.83 , ≤ 9.0.115 (semver) Unaffected: 0 , ≤ 8.5.100 (semver)
Apache Software Foundation	Apache Tomcat Native	Affected: 1.1.23 , ≤ 1.1.34 (semver) Affected: 1.2.0 , ≤ 1.2.39 (semver) Affected: 1.3.0 , ≤ 1.3.6 (semver) Affected: 2.0.0 , ≤ 2.0.13 (semver)

Credits

gregk4sec (https://github.com/gregk4sec)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-09T23:15:49.788Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/09/23"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-29145",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-10T18:10:50.492750Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-287",
                "description": "CWE-287 Improper Authentication",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T18:11:31.014Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "11.0.18",
              "status": "affected",
              "version": "11.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.52",
              "status": "affected",
              "version": "10.1.0-M7",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.115",
              "status": "affected",
              "version": "9.0.83",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.100",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat Native",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "1.1.34",
              "status": "affected",
              "version": "1.1.23",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.2.39",
              "status": "affected",
              "version": "1.2.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "1.3.6",
              "status": "affected",
              "version": "1.3.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "2.0.13",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "gregk4sec (https://github.com/gregk4sec)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eCLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.\u003c/p\u003e"
            }
          ],
          "value": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\n\nUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "moderate"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-09T19:20:24.601Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Tomcat, Apache Tomcat Native: OCSP checks sometimes soft-fail even when soft-fail is disabled",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-29145",
    "datePublished": "2026-04-09T19:20:24.601Z",
    "dateReserved": "2026-03-04T09:52:45.179Z",
    "dateUpdated": "2026-04-10T18:11:31.014Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-29146 (GCVE-0-2026-29146)

Vulnerability from cvelistv5 – Published: 2026-04-09 19:21 – Updated: 2026-04-10 18:17

Title

Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default

Summary

Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.

Severity ?

No CVSS data available.

CWE

Padding Oracle

Assigner

apache

References

1 reference

URL	Tags
https://lists.apache.org/thread/lzt04z2pb3dc5tk85…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Tomcat	Affected: 11.0.0-M1 , ≤ 11.0.18 (semver) Affected: 10.0.0-M1 , ≤ 10.1.52 (semver) Affected: 9.0.13 , ≤ 9.0.115 (semver) Affected: 8.5.38 , ≤ 8.5.100 (semver) Affected: 7.0.100 , ≤ 7.0.109 (semver)

Credits

Uri Katz and Avi Lumelsky (Oligo Security)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-09T23:15:51.111Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/09/24"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-29146",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-10T18:17:02.531112Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-209",
                "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-642",
                "description": "CWE-642 External Control of Critical State Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T18:17:59.908Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "11.0.18",
              "status": "affected",
              "version": "11.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.52",
              "status": "affected",
              "version": "10.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.115",
              "status": "affected",
              "version": "9.0.13",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.100",
              "status": "affected",
              "version": "8.5.38",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.109",
              "status": "affected",
              "version": "7.0.100",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Uri Katz and Avi Lumelsky (Oligo Security)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePadding Oracle vulnerability in Apache Tomcat\u0027s EncryptInterceptor with default configuration.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Padding Oracle vulnerability in Apache Tomcat\u0027s EncryptInterceptor with default configuration.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\n\nUsers are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "important"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Padding Oracle",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-09T19:21:57.289Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Tomcat: EncryptInterceptor vulnerable to padding oracle attack by default",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-29146",
    "datePublished": "2026-04-09T19:21:57.289Z",
    "dateReserved": "2026-03-04T10:35:55.231Z",
    "dateUpdated": "2026-04-10T18:17:59.908Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-29786 (GCVE-0-2026-29786)

Vulnerability from cvelistv5 – Published: 2026-03-07 15:32 – Updated: 2026-03-09 18:26

Title

node-tar: Hardlink Path Traversal via Drive-Relative Linkpath

Summary

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10.

Severity ?

8.2 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/isaacs/node-tar/security/advis…	x_refsource_CONFIRM
https://github.com/isaacs/node-tar/commit/7bc755d…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
isaacs	node-tar	Affected: < 7.5.10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-29786",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-09T17:52:29.312917Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-09T18:26:34.057Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "node-tar",
          "vendor": "isaacs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.5.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.10, tar can be tricked into creating a hardlink that points outside the extraction directory by using a drive-relative link target such as C:../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This issue has been patched in version 7.5.10."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-07T15:32:22.748Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-qffp-2rhf-9h96"
        },
        {
          "name": "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/isaacs/node-tar/commit/7bc755dd85e623c0279e08eb3784909e6d7e4b9f"
        }
      ],
      "source": {
        "advisory": "GHSA-qffp-2rhf-9h96",
        "discovery": "UNKNOWN"
      },
      "title": "node-tar: Hardlink Path Traversal via Drive-Relative Linkpath"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-29786",
    "datePublished": "2026-03-07T15:32:22.748Z",
    "dateReserved": "2026-03-04T16:26:02.899Z",
    "dateUpdated": "2026-03-09T18:26:34.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-31802 (GCVE-0-2026-31802)

Vulnerability from cvelistv5 – Published: 2026-03-09 21:11 – Updated: 2026-03-10 14:56

Title

node-tar Symlink Path Traversal via Drive-Relative Linkpath

Summary

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11.

Severity ?

8.2 (High)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/isaacs/node-tar/security/advis…	x_refsource_CONFIRM
https://github.com/isaacs/node-tar/commit/f48b5fa…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
isaacs	node-tar	Affected: < 7.5.11

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-31802",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-10T14:56:31.266727Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-10T14:56:35.229Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "node-tar",
          "vendor": "isaacs",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 7.5.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar (npm) can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x() extraction. This vulnerability is fixed in 7.5.11."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-09T21:11:56.668Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-9ppj-qmqm-q256"
        },
        {
          "name": "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/isaacs/node-tar/commit/f48b5fa3b7985ddab96dc0f2125a4ffc9911b6ad"
        }
      ],
      "source": {
        "advisory": "GHSA-9ppj-qmqm-q256",
        "discovery": "UNKNOWN"
      },
      "title": "node-tar Symlink Path Traversal via Drive-Relative Linkpath"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-31802",
    "datePublished": "2026-03-09T21:11:56.668Z",
    "dateReserved": "2026-03-09T16:33:42.913Z",
    "dateUpdated": "2026-03-10T14:56:35.229Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33750 (GCVE-0-2026-33750)

Vulnerability from cvelistv5 – Published: 2026-03-27 14:04 – Updated: 2026-03-27 14:48

Title

brace-expansion: Zero-step sequence causes process hang and memory exhaustion

Summary

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

10 references

URL	Tags
https://github.com/juliangruber/brace-expansion/s…	x_refsource_CONFIRM
https://github.com/juliangruber/brace-expansion/i…	x_refsource_MISC
https://github.com/juliangruber/brace-expansion/pull/95	x_refsource_MISC
https://github.com/juliangruber/brace-expansion/pull/96	x_refsource_MISC
https://github.com/juliangruber/brace-expansion/pull/97	x_refsource_MISC
https://github.com/juliangruber/brace-expansion/c…	x_refsource_MISC
https://github.com/juliangruber/brace-expansion/c…	x_refsource_MISC
https://github.com/juliangruber/brace-expansion/c…	x_refsource_MISC
https://github.com/juliangruber/brace-expansion/b…	x_refsource_MISC
https://github.com/juliangruber/brace-expansion/b…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
juliangruber	brace-expansion	Affected: >= 4.0.0, < 5.0.5 Affected: >= 3.0.0, < 3.0.2 Affected: >= 2.0.0, < 2.0.3 Affected: < 1.1.13

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33750",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-27T14:47:58.490818Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-27T14:48:06.779Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "brace-expansion",
          "vendor": "juliangruber",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 5.0.5"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.0.0, \u003c 3.0.2"
            },
            {
              "status": "affected",
              "version": "\u003e= 2.0.0, \u003c 2.0.3"
            },
            {
              "status": "affected",
              "version": "\u003c 1.1.13"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-27T14:04:52.297Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/juliangruber/brace-expansion/security/advisories/GHSA-f886-m6hf-6m8v"
        },
        {
          "name": "https://github.com/juliangruber/brace-expansion/issues/98",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/juliangruber/brace-expansion/issues/98"
        },
        {
          "name": "https://github.com/juliangruber/brace-expansion/pull/95",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/juliangruber/brace-expansion/pull/95"
        },
        {
          "name": "https://github.com/juliangruber/brace-expansion/pull/96",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/juliangruber/brace-expansion/pull/96"
        },
        {
          "name": "https://github.com/juliangruber/brace-expansion/pull/97",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/juliangruber/brace-expansion/pull/97"
        },
        {
          "name": "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/juliangruber/brace-expansion/commit/311ac0d54994158c0a384e286a7d6cbb17ee8ed5"
        },
        {
          "name": "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/juliangruber/brace-expansion/commit/7fd684f89fdde3549563d0a6522226a9189472a2"
        },
        {
          "name": "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/juliangruber/brace-expansion/commit/b9cacd9e55e7a1fa588fe4b7bb1159d52f1d902a"
        },
        {
          "name": "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L107-L113"
        },
        {
          "name": "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/juliangruber/brace-expansion/blob/daa71bcb4a30a2df9bcb7f7b8daaf2ab30e5794a/src/index.ts#L184"
        }
      ],
      "source": {
        "advisory": "GHSA-f886-m6hf-6m8v",
        "discovery": "UNKNOWN"
      },
      "title": "brace-expansion: Zero-step sequence causes process hang and memory exhaustion"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33750",
    "datePublished": "2026-03-27T14:04:52.297Z",
    "dateReserved": "2026-03-23T18:30:14.124Z",
    "dateUpdated": "2026-03-27T14:48:06.779Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34483 (GCVE-0-2026-34483)

Vulnerability from cvelistv5 – Published: 2026-04-09 19:30 – Updated: 2026-04-10 20:17

Title

Apache Tomcat: Incomplete escaping of JSON access logs

Summary

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue.

Severity ?

No CVSS data available.

CWE

CWE-116 - Improper Encoding or Escaping of Output

Assigner

apache

References

1 reference

URL	Tags
https://lists.apache.org/thread/j1w7304yonlr8vo1t…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache Tomcat	Affected: 11.0.0-M1 , ≤ 11.0.20 (semver) Affected: 10.1.0-M1 , ≤ 10.1.53 (semver) Affected: 9.0.40 , ≤ 9.0.116 (semver) Affected: 8.5.84 , ≤ 8.5.100 (semver) Unaffected: 0 , ≤ 8.5.83 (semver)

Credits

Bartlomiej Dmitruk, striga.ai

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-09T23:15:53.097Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/09/26"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-34483",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-10T20:16:32.864927Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-10T20:17:38.858Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "11.0.20",
              "status": "affected",
              "version": "11.0.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "10.1.53",
              "status": "affected",
              "version": "10.1.0-M1",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "9.0.116",
              "status": "affected",
              "version": "9.0.40",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.100",
              "status": "affected",
              "version": "8.5.84",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.5.83",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Bartlomiej Dmitruk, striga.ai"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat.\u003c/p\u003e\u003cp\u003eThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue.\u003c/p\u003e"
            }
          ],
          "value": "Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-116",
              "description": "CWE-116 Improper Encoding or Escaping of Output",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-09T19:30:28.874Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.apache.org/thread/j1w7304yonlr8vo1tkb5nfs7od1y228b"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Apache Tomcat: Incomplete escaping of JSON access logs",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-34483",
    "datePublished": "2026-04-09T19:30:28.874Z",
    "dateReserved": "2026-03-30T07:40:44.705Z",
    "dateUpdated": "2026-04-10T20:17:38.858Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1608

CVE-2026-27727 (GCVE-0-2026-27727)

CVE-2026-27830 (GCVE-0-2026-27830)

CVE-2026-29062 (GCVE-0-2026-29062)

CVE-2026-29129 (GCVE-0-2026-29129)

CVE-2026-29145 (GCVE-0-2026-29145)

CVE-2026-29146 (GCVE-0-2026-29146)

CVE-2026-29786 (GCVE-0-2026-29786)

CVE-2026-31802 (GCVE-0-2026-31802)

CVE-2026-33750 (GCVE-0-2026-33750)

CVE-2026-34483 (GCVE-0-2026-34483)

Tags

Sightings

Nomenclature