Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Apache Tomcat URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2026-25854 - Vulnerability Database
Apache Tomcat

Apache Tomcat URL Redirection to Untrusted Site (Open Redirect) Vulnerability - CVE-2026-25854

Medium
Reference: CVE-2026-25854
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-25854
Title: Apache Tomcat URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Overview:

Occasional URL redirection to untrusted Site (39Open Redirect39) vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18 from 10.1.0-M1 through 10.1.52 from 9.0.0.M23 through 9.0.115 from 8.5.30 through 8.5.100. Other unsupported versions may also be affected Users are recommended to upgrade to version 11.0.20 10.1.53 or 9.0.116 which fix the issue.