CVE-2026-53434
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk29th percentile — higher than 29% of all known CVEs
Summary
A vulnerability was found in Apache Tomcat where a detection of error condition without action occurs when configuring CRLs for a FFM based connector. Affected versions are from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, and from 9.0.83 through 9.0.118.
Risk Assessment
The organization may face improper certificate validation, potentially allowing revoked certificates to be accepted, compromising communication security.
Recommendation
Upgrade Apache Tomcat to version 11.0.23, 10.1.56, or 9.0.119 immediately, as these versions contain the fix for this vulnerability.
Original NVD description (English source)
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fixes the issue.

