Is Tomcat affected by EUVD-2026-21053?

Apache Tomcat's JsonAccessLogValve contains an information disclosure vulnerability affecting versions 9.0.40-9.0.116, 10.1.0-M1-10.1.53, and 11.0.0-M1-11.0.20, allowing unauthenticated remote attackers to retrieve sensitive data through improper output encoding.

EUVD-2026-21053

| CVE-2026-34483 HIGH

2026-04-09 apache

GHSA-rv64-5gf8-9qq8

7.5

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Patch Released

Apr 11, 2026 - 02:30 nvd

Patch available

Analysis Generated

Apr 09, 2026 - 20:15 vuln.today

EUVD ID Assigned

Apr 09, 2026 - 20:15 euvd

EUVD-2026-21053

CVE Published

Apr 09, 2026 - 19:30 nvd

HIGH 7.5

Description

Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue.

Analysis

Information disclosure in Apache Tomcat's JsonAccessLogValve allows unauthenticated remote attackers to retrieve sensitive data due to improper output encoding. Affects Tomcat versions 11.0.0-M1 through 11.0.20, 10.1.0-M1 through 10.1.53, and 9.0.40 through 9.0.116. …

Remediation

Within 24 hours: Inventory all Tomcat instances and identify those running affected versions (9.x, 10.x, or 11.x within stated ranges) and confirm if JsonAccessLogValve is enabled in logging configurations. Within 7 days: Implement network-level access restrictions to Tomcat access log endpoints and disable JsonAccessLogValve if not operationally critical; contact Apache Tomcat security for patch timeline guidance. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +38

POC: 0

EUVD-2026-21053 vulnerability details – vuln.today

Back

EUVD-2026-21053

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-21053

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code