Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Apache Tomcat Generation of Error Message Containing Sensitive Information Vulnerability - CVE-2026-29146 - Vulnerability Database
Apache Tomcat

Apache Tomcat Generation of Error Message Containing Sensitive Information Vulnerability - CVE-2026-29146

High
Reference: CVE-2026-29146
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-29146
Title: Apache Tomcat Generation of Error Message Containing Sensitive Information Vulnerability
Overview:

Padding Oracle vulnerability in Apache Tomcat39s EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18 from 10.0.0-M1 through 10.1.52 from 9.0.13 through 9..115 from 8.5.38 through 8.5.100 from 7.0.100 through 7.0.109. Users are recommended to upgrade to version 11.0.19 10.1.53 and 9.0.116 which fixes the issue.