VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-74tx-sx8a-guhs

Essentials
Severities (16)
References (15)
Severity details (13)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-74tx-sx8a-guhs
Aliases	CVE-2026-29145 GHSA-95jq-rwvf-vjx4
Summary
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-287	Improper Authentication
CWE-303	Incorrect Implementation of Authentication Algorithm

System	Score	Found at
cvssv3	5.9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29145.json
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2026-29145
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2026-29145
epss	0.00063	https://api.first.org/data/v1/epss?cve=CVE-2026-29145
apache_tomcat	Moderate	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29145
cvssv3.1	4.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-95jq-rwvf-vjx4
cvssv3.1	9.1	https://github.com/apache/tomcat
generic_textual	CRITICAL	https://github.com/apache/tomcat
cvssv3.1	9.1	https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz
generic_textual	CRITICAL	https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz
ssvc	Track	https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz
cvssv3.1	9.1	https://nvd.nist.gov/vuln/detail/CVE-2026-29145
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2026-29145
cvssv3.1	9.1	http://www.openwall.com/lists/oss-security/2026/04/09/23
generic_textual	CRITICAL	http://www.openwall.com/lists/oss-security/2026/04/09/23

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29145.json
		https://api.first.org/data/v1/epss?cve=CVE-2026-29145
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/apache/tomcat
		https://github.com/apache/tomcat/commit/721591f7bff424c693f26adc18ae9b9abac3655b
		https://github.com/apache/tomcat/commit/d1406df5ae0326f39f54c3f64ac30d8fca55cd5b
		https://github.com/apache/tomcat/commit/fe26667cd2385045ac73f4dea086cc9971209b90
		https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz
		https://nvd.nist.gov/vuln/detail/CVE-2026-29145
		http://www.openwall.com/lists/oss-security/2026/04/09/23
1133356		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
1133357		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
2457037		https://bugzilla.redhat.com/show_bug.cgi?id=2457037
CVE-2026-29145		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29145
GHSA-95jq-rwvf-vjx4		https://github.com/advisories/GHSA-95jq-rwvf-vjx4

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29145.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://github.com/apache/tomcat

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T18:10:50Z/ Found at https://lists.apache.org/thread/yz5fxmhd2j43wgqykssdo7kltws57jfz

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-29145

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N Found at http://www.openwall.com/lists/oss-security/2026/04/09/23

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.19636
EPSS Score	0.00063
Published At	April 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-10T00:03:26.133689+00:00	Apache Tomcat Importer	Import	https://tomcat.apache.org/security-11.html	38.1.0