Exploit for Missing Encryption of Sensitive Data in Apache Tomcat

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

CVE-2026-34486 — Apache Tomcat EncryptInterceptor RCE Apache Tomcat Tribes cluster communication module fails to discard messages when EncryptInterceptor decryption fails, allowing unauthenticated attackers to trigger Remote Code Execution via Java...

Visit Original Source

Basic Information

ID 05869CA7-92ED-5040-BB39-AE26A84D0EBA

Published Apr 15, 2026 at 12:40

Modified Apr 15, 2026 at 12:43

{
    "lastseen": "2026-04-15T12:44:25",
    "description": "CVE-2026-34486 \u2014 Apache Tomcat EncryptInterceptor RCE Apache Tomcat Tribes cluster communication module fails to discard messages when EncryptInterceptor decryption fails, allowing unauthenticated attackers to trigger Remote Code Execution via Java...",
    "published": "2026-04-15T12:40:13",
    "modified": "2026-04-15T12:43:09",
    "type": "githubexploit",
    "title": "Exploit for Missing Encryption of Sensitive Data in Apache Tomcat",
    "source": "",
    "references": "",
    "id": "05869CA7-92ED-5040-BB39-AE26A84D0EBA",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2026-34486"
    ],
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://github.com/404-src/CVE-2026-34486",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Exploit for Missing Encryption of Sensitive Data in Apache Tomcat_05869CA7-92ED-5040-BB39-AE26A84D0EBA

Description

Basic Information

💭 Join the Security Discussion ❌ Cancel Reply