CVE-2026-25854

{"id": "CVE-2026-25854", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2026-04-09T20:16:24.207", "references": [{"url": "https://lists.apache.org/thread/ghct3b6o74bp2vm7q875s1zh0dqrz3h0", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}, {"url": "http://www.openwall.com/lists/oss-security/2026/04/09/21", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-601"}]}], "descriptions": [{"lang": "en", "value": "Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100.\nOther, unsupported versions may also be affected\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue."}], "lastModified": "2026-04-14T14:01:07.417", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5585CA5A-76EA-43E1-BB66-BE1D80BDE1E9", "versionEndExcluding": "9.0.116", "versionStartIncluding": "9.0.1"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D0914AD3-D9E6-470C-A858-64D0CFA3F733", "versionEndExcluding": "10.1.53", "versionStartIncluding": "10.1.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F39B82B-0E67-459D-8065-2C6EE7970D0D", "versionEndExcluding": "11.0.20", "versionStartIncluding": "11.0.0"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0"}, {"criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}