{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Critical" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"tomcat security update", "category":"general", "title":"Synopsis" }, { "text":"An update for tomcat is now available for openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2", "category":"general", "title":"Summary" }, { "text":"Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process.\n\nSecurity Fix(es):\n\nInconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.\nOther, unsupported versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.52 or 9.0.116, which fix the issue.(CVE-2026-24880)\n\nOccasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100.\nOther, unsupported versions may also be affected\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.(CVE-2026-25854)\n\nConfigured cipher preference order not preserved vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.(CVE-2026-29129)\n\nCLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\n\nUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.(CVE-2026-29145)\n\nPadding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\n\nUsers are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.(CVE-2026-29146)\n\nImproper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.\n\nThis issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.(CVE-2026-32990)\n\nImproper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue.(CVE-2026-34483)\n\nMissing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor.\n\nThis issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.(CVE-2026-34486)\n\nInsertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.(CVE-2026-34487)\n\nCLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue.(CVE-2026-34500)", "category":"general", "title":"Description" }, { "text":"An update for tomcat is now available for openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Critical", "category":"general", "title":"Severity" }, { "text":"tomcat", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-1970", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1970" }, { "summary":"CVE-2026-24880", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-24880&packageName=tomcat" }, { "summary":"CVE-2026-25854", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-25854&packageName=tomcat" }, { "summary":"CVE-2026-29129", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-29129&packageName=tomcat" }, { "summary":"CVE-2026-29145", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-29145&packageName=tomcat" }, { "summary":"CVE-2026-29146", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-29146&packageName=tomcat" }, { "summary":"CVE-2026-32990", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-32990&packageName=tomcat" }, { "summary":"CVE-2026-34483", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-34483&packageName=tomcat" }, { "summary":"CVE-2026-34486", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-34486&packageName=tomcat" }, { "summary":"CVE-2026-34487", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-34487&packageName=tomcat" }, { "summary":"CVE-2026-34500", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-34500&packageName=tomcat" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24880" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25854" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29129" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29145" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-29146" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32990" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34483" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34486" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34487" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-34500" }, { "summary":"openEuler-SA-2026-1970 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-1970.json" } ], "title":"An update for tomcat is now available for openEuler-24.03-LTS-SP3,openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2", "tracking":{ "initial_release_date":"2026-04-17T21:04:35+08:00", "revision_history":[ { "date":"2026-04-17T21:04:35+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-04-17T21:04:35+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-04-17T21:04:35+08:00", "id":"openEuler-SA-2026-1970", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"openEuler-24.03-LTS-SP3", "name":"openEuler-24.03-LTS-SP3" }, "name":"openEuler-24.03-LTS-SP3", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openEuler-20.03-LTS-SP4", "name":"openEuler-20.03-LTS-SP4" }, "name":"openEuler-20.03-LTS-SP4", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"openEuler-22.03-LTS-SP4", "name":"openEuler-22.03-LTS-SP4" }, "name":"openEuler-22.03-LTS-SP4", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"openEuler-24.03-LTS-SP1", "name":"openEuler-24.03-LTS-SP1" }, "name":"openEuler-24.03-LTS-SP1", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"openEuler-24.03-LTS-SP2", "name":"openEuler-24.03-LTS-SP2" }, "name":"openEuler-24.03-LTS-SP2", "category":"product_version" } ], "category":"product_name" }, { "name":"noarch", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"tomcat-9.0.117-1.oe2403sp3.noarch.rpm", "name":"tomcat-9.0.117-1.oe2403sp3.noarch.rpm" }, "name":"tomcat-9.0.117-1.oe2403sp3.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"tomcat-help-9.0.117-1.oe2403sp3.noarch.rpm", "name":"tomcat-help-9.0.117-1.oe2403sp3.noarch.rpm" }, "name":"tomcat-help-9.0.117-1.oe2403sp3.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"tomcat-jsvc-9.0.117-1.oe2403sp3.noarch.rpm", "name":"tomcat-jsvc-9.0.117-1.oe2403sp3.noarch.rpm" }, "name":"tomcat-jsvc-9.0.117-1.oe2403sp3.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"tomcat-9.0.117-1.oe2003sp4.noarch.rpm", "name":"tomcat-9.0.117-1.oe2003sp4.noarch.rpm" }, "name":"tomcat-9.0.117-1.oe2003sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"tomcat-help-9.0.117-1.oe2003sp4.noarch.rpm", "name":"tomcat-help-9.0.117-1.oe2003sp4.noarch.rpm" }, "name":"tomcat-help-9.0.117-1.oe2003sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"tomcat-jsvc-9.0.117-1.oe2003sp4.noarch.rpm", "name":"tomcat-jsvc-9.0.117-1.oe2003sp4.noarch.rpm" }, "name":"tomcat-jsvc-9.0.117-1.oe2003sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"tomcat-9.0.117-1.oe2203sp4.noarch.rpm", "name":"tomcat-9.0.117-1.oe2203sp4.noarch.rpm" }, "name":"tomcat-9.0.117-1.oe2203sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"tomcat-help-9.0.117-1.oe2203sp4.noarch.rpm", "name":"tomcat-help-9.0.117-1.oe2203sp4.noarch.rpm" }, "name":"tomcat-help-9.0.117-1.oe2203sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"tomcat-jsvc-9.0.117-1.oe2203sp4.noarch.rpm", "name":"tomcat-jsvc-9.0.117-1.oe2203sp4.noarch.rpm" }, "name":"tomcat-jsvc-9.0.117-1.oe2203sp4.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"tomcat-9.0.117-1.oe2403.noarch.rpm", "name":"tomcat-9.0.117-1.oe2403.noarch.rpm" }, "name":"tomcat-9.0.117-1.oe2403.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"tomcat-help-9.0.117-1.oe2403.noarch.rpm", "name":"tomcat-help-9.0.117-1.oe2403.noarch.rpm" }, "name":"tomcat-help-9.0.117-1.oe2403.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"tomcat-jsvc-9.0.117-1.oe2403.noarch.rpm", "name":"tomcat-jsvc-9.0.117-1.oe2403.noarch.rpm" }, "name":"tomcat-jsvc-9.0.117-1.oe2403.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"tomcat-9.0.117-1.oe2403sp1.noarch.rpm", "name":"tomcat-9.0.117-1.oe2403sp1.noarch.rpm" }, "name":"tomcat-9.0.117-1.oe2403sp1.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"tomcat-help-9.0.117-1.oe2403sp1.noarch.rpm", "name":"tomcat-help-9.0.117-1.oe2403sp1.noarch.rpm" }, "name":"tomcat-help-9.0.117-1.oe2403sp1.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"tomcat-jsvc-9.0.117-1.oe2403sp1.noarch.rpm", "name":"tomcat-jsvc-9.0.117-1.oe2403sp1.noarch.rpm" }, "name":"tomcat-jsvc-9.0.117-1.oe2403sp1.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"tomcat-9.0.117-1.oe2403sp2.noarch.rpm", "name":"tomcat-9.0.117-1.oe2403sp2.noarch.rpm" }, "name":"tomcat-9.0.117-1.oe2403sp2.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"tomcat-help-9.0.117-1.oe2403sp2.noarch.rpm", "name":"tomcat-help-9.0.117-1.oe2403sp2.noarch.rpm" }, "name":"tomcat-help-9.0.117-1.oe2403sp2.noarch.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"tomcat-jsvc-9.0.117-1.oe2403sp2.noarch.rpm", "name":"tomcat-jsvc-9.0.117-1.oe2403sp2.noarch.rpm" }, "name":"tomcat-jsvc-9.0.117-1.oe2403sp2.noarch.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP3" }, "product_id":"tomcat-9.0.117-1.oe2403sp3.src.rpm", "name":"tomcat-9.0.117-1.oe2403sp3.src.rpm" }, "name":"tomcat-9.0.117-1.oe2403sp3.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"tomcat-9.0.117-1.oe2003sp4.src.rpm", "name":"tomcat-9.0.117-1.oe2003sp4.src.rpm" }, "name":"tomcat-9.0.117-1.oe2003sp4.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP4" }, "product_id":"tomcat-9.0.117-1.oe2203sp4.src.rpm", "name":"tomcat-9.0.117-1.oe2203sp4.src.rpm" }, "name":"tomcat-9.0.117-1.oe2203sp4.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"tomcat-9.0.117-1.oe2403.src.rpm", "name":"tomcat-9.0.117-1.oe2403.src.rpm" }, "name":"tomcat-9.0.117-1.oe2403.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP1" }, "product_id":"tomcat-9.0.117-1.oe2403sp1.src.rpm", "name":"tomcat-9.0.117-1.oe2403sp1.src.rpm" }, "name":"tomcat-9.0.117-1.oe2403sp1.src.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS-SP2" }, "product_id":"tomcat-9.0.117-1.oe2403sp2.src.rpm", "name":"tomcat-9.0.117-1.oe2403sp2.src.rpm" }, "name":"tomcat-9.0.117-1.oe2403sp2.src.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"tomcat-9.0.117-1.oe2403sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:tomcat-9.0.117-1.oe2403sp3.noarch", "name":"tomcat-9.0.117-1.oe2403sp3.noarch as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"tomcat-help-9.0.117-1.oe2403sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:tomcat-help-9.0.117-1.oe2403sp3.noarch", "name":"tomcat-help-9.0.117-1.oe2403sp3.noarch as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"tomcat-jsvc-9.0.117-1.oe2403sp3.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:tomcat-jsvc-9.0.117-1.oe2403sp3.noarch", "name":"tomcat-jsvc-9.0.117-1.oe2403sp3.noarch as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"tomcat-9.0.117-1.oe2003sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:tomcat-9.0.117-1.oe2003sp4.noarch", "name":"tomcat-9.0.117-1.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"tomcat-help-9.0.117-1.oe2003sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:tomcat-help-9.0.117-1.oe2003sp4.noarch", "name":"tomcat-help-9.0.117-1.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"tomcat-jsvc-9.0.117-1.oe2003sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:tomcat-jsvc-9.0.117-1.oe2003sp4.noarch", "name":"tomcat-jsvc-9.0.117-1.oe2003sp4.noarch as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"tomcat-9.0.117-1.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:tomcat-9.0.117-1.oe2203sp4.noarch", "name":"tomcat-9.0.117-1.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"tomcat-help-9.0.117-1.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:tomcat-help-9.0.117-1.oe2203sp4.noarch", "name":"tomcat-help-9.0.117-1.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"tomcat-jsvc-9.0.117-1.oe2203sp4.noarch.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:tomcat-jsvc-9.0.117-1.oe2203sp4.noarch", "name":"tomcat-jsvc-9.0.117-1.oe2203sp4.noarch as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"tomcat-9.0.117-1.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:tomcat-9.0.117-1.oe2403.noarch", "name":"tomcat-9.0.117-1.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"tomcat-help-9.0.117-1.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:tomcat-help-9.0.117-1.oe2403.noarch", "name":"tomcat-help-9.0.117-1.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"tomcat-jsvc-9.0.117-1.oe2403.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:tomcat-jsvc-9.0.117-1.oe2403.noarch", "name":"tomcat-jsvc-9.0.117-1.oe2403.noarch as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"tomcat-9.0.117-1.oe2403sp1.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:tomcat-9.0.117-1.oe2403sp1.noarch", "name":"tomcat-9.0.117-1.oe2403sp1.noarch as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"tomcat-help-9.0.117-1.oe2403sp1.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:tomcat-help-9.0.117-1.oe2403sp1.noarch", "name":"tomcat-help-9.0.117-1.oe2403sp1.noarch as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"tomcat-jsvc-9.0.117-1.oe2403sp1.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:tomcat-jsvc-9.0.117-1.oe2403sp1.noarch", "name":"tomcat-jsvc-9.0.117-1.oe2403sp1.noarch as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"tomcat-9.0.117-1.oe2403sp2.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:tomcat-9.0.117-1.oe2403sp2.noarch", "name":"tomcat-9.0.117-1.oe2403sp2.noarch as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"tomcat-help-9.0.117-1.oe2403sp2.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:tomcat-help-9.0.117-1.oe2403sp2.noarch", "name":"tomcat-help-9.0.117-1.oe2403sp2.noarch as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"tomcat-jsvc-9.0.117-1.oe2403sp2.noarch.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:tomcat-jsvc-9.0.117-1.oe2403sp2.noarch", "name":"tomcat-jsvc-9.0.117-1.oe2403sp2.noarch as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP3", "product_reference":"tomcat-9.0.117-1.oe2403sp3.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP3:tomcat-9.0.117-1.oe2403sp3.src", "name":"tomcat-9.0.117-1.oe2403sp3.src as a component of openEuler-24.03-LTS-SP3" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"tomcat-9.0.117-1.oe2003sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:tomcat-9.0.117-1.oe2003sp4.src", "name":"tomcat-9.0.117-1.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP4", "product_reference":"tomcat-9.0.117-1.oe2203sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP4:tomcat-9.0.117-1.oe2203sp4.src", "name":"tomcat-9.0.117-1.oe2203sp4.src as a component of openEuler-22.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"tomcat-9.0.117-1.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:tomcat-9.0.117-1.oe2403.src", "name":"tomcat-9.0.117-1.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP1", "product_reference":"tomcat-9.0.117-1.oe2403sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP1:tomcat-9.0.117-1.oe2403sp1.src", "name":"tomcat-9.0.117-1.oe2403sp1.src as a component of openEuler-24.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS-SP2", "product_reference":"tomcat-9.0.117-1.oe2403sp2.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS-SP2:tomcat-9.0.117-1.oe2403sp2.src", "name":"tomcat-9.0.117-1.oe2403sp2.src as a component of openEuler-24.03-LTS-SP2" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-24880", "notes":[ { "text":"Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109.\nOther, unsupported versions may also be affected.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.52 or 9.0.116, which fix the issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS-SP3:tomcat-9.0.117-1.oe2403sp3.noarch", "openEuler-24.03-LTS-SP3:tomcat-help-9.0.117-1.oe2403sp3.noarch", "openEuler-24.03-LTS-SP3:tomcat-jsvc-9.0.117-1.oe2403sp3.noarch", "openEuler-20.03-LTS-SP4:tomcat-9.0.117-1.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:tomcat-help-9.0.117-1.oe2003sp4.noarch", "openEuler-20.03-LTS-SP4:tomcat-jsvc-9.0.117-1.oe2003sp4.noarch", "openEuler-22.03-LTS-SP4:tomcat-9.0.117-1.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:tomcat-help-9.0.117-1.oe2203sp4.noarch", "openEuler-22.03-LTS-SP4:tomcat-jsvc-9.0.117-1.oe2203sp4.noarch", "openEuler-24.03-LTS:tomcat-9.0.117-1.oe2403.noarch", "openEuler-24.03-LTS:tomcat-help-9.0.117-1.oe2403.noarch", "openEuler-24.03-LTS:tomcat-jsvc-9.0.117-1.oe2403.noarch", "openEuler-24.03-LTS-SP1:tomcat-9.0.117-1.oe2403sp1.noarch", "openEuler-24.03-LTS-SP1:tomcat-help-9.0.117-1.oe2403sp1.noarch", "openEuler-24.03-LTS-SP1:tomcat-jsvc-9.0.117-1.oe2403sp1.noarch", "openEuler-24.03-LTS-SP2:tomcat-9.0.117-1.oe2403sp2.noarch", "openEuler-24.03-LTS-SP2:tomcat-help-9.0.117-1.oe2403sp2.noarch", "openEuler-24.03-LTS-SP2:tomcat-jsvc-9.0.117-1.oe2403sp2.noarch", "openEuler-24.03-LTS-SP3:tomcat-9.0.117-1.oe2403sp3.src", "openEuler-20.03-LTS-SP4:tomcat-9.0.117-1.oe2003sp4.src", "openEuler-22.03-LTS-SP4:tomcat-9.0.117-1.oe2203sp4.src", "openEuler-24.03-LTS:tomcat-9.0.117-1.oe2403.src", "openEuler-24.03-LTS-SP1:tomcat-9.0.117-1.oe2403sp1.src", "openEuler-24.03-LTS-SP2:tomcat-9.0.117-1.oe2403sp2.src" ] }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"tomcat security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1970" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-24880" }, { "cve":"CVE-2026-25854", "notes":[ { "text":"Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100.\nOther, unsupported versions may also be affected\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"tomcat security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1970" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-25854" }, { "cve":"CVE-2026-29129", "notes":[ { "text":"Configured cipher preference order not preserved vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"tomcat security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1970" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-29129" }, { "cve":"CVE-2026-29145", "notes":[ { "text":"CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13.\n\nUsers are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"tomcat security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1970" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.1, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2026-29145" }, { "cve":"CVE-2026-29146", "notes":[ { "text":"Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109.\n\nUsers are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"tomcat security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1970" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-29146" }, { "cve":"CVE-2026-32990", "notes":[ { "text":"Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.\n\nThis issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.\n\nUsers are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"tomcat security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1970" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-32990" }, { "cve":"CVE-2026-34483", "notes":[ { "text":"Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"tomcat security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1970" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-34483" }, { "cve":"CVE-2026-34486", "notes":[ { "text":"Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor.\n\nThis issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"tomcat security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1970" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-34486" }, { "cve":"CVE-2026-34487", "notes":[ { "text":"Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"tomcat security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1970" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-34487" }, { "cve":"CVE-2026-34500", "notes":[ { "text":"CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116.\n\nUsers are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"tomcat security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1970" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-34500" } ] }