CVE-2026-29146

Gravedad:

Pendiente de análisis

Tipo:

No Disponible / Otro tipo

Fecha de publicación:

09/04/2026

Última modificación:

10/04/2026

Descripción

*** Pendiente de traducción *** Padding Oracle vulnerability in Apache Tomcat&#39;s EncryptInterceptor with default configuration.<br /> <br /> This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.<br /> <br /> Users are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.

Impacto

Referencias a soluciones, herramientas e información

https://lists.apache.org/thread/lzt04z2pb3dc5tk85obn80xygw3z1p0w
http://www.openwall.com/lists/oss-security/2026/04/09/24