Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-d1fm-vbd1-n7au
Vulnerability ID VCID-d1fm-vbd1-n7au
Aliases CVE-2026-34487
GHSA-x4m4-345f-5h5g
Summary
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-532 Insertion of Sensitive Information into Log File
CWE-538 Insertion of Sensitive Information into Externally-Accessible File or Directory
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2026-34487
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2026-34487
epss 0.00031 https://api.first.org/data/v1/epss?cve=CVE-2026-34487
apache_tomcat Low https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-x4m4-345f-5h5g
cvssv3.1 7.5 https://github.com/apache/tomcat
generic_textual HIGH https://github.com/apache/tomcat
cvssv3.1 7.5 https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h
generic_textual HIGH https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h
ssvc Track https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2026-34487
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2026-34487
cvssv3.1 7.5 http://www.openwall.com/lists/oss-security/2026/04/09/28
generic_textual HIGH http://www.openwall.com/lists/oss-security/2026/04/09/28
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json
https://api.first.org/data/v1/epss?cve=CVE-2026-34487
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/apache/tomcat
https://github.com/apache/tomcat/commit/301bc6efbf72feb14dacfdfa3f50372182736150
https://github.com/apache/tomcat/commit/5eff2a773b8b728083e5195b3183df1b9e12a03d
https://github.com/apache/tomcat/commit/f593292a082e5ef9336a8db2b4b522f7f3e36976
https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h
https://nvd.nist.gov/vuln/detail/CVE-2026-34487
http://www.openwall.com/lists/oss-security/2026/04/09/28
1133356 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133356
1133357 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133357
2457038 https://bugzilla.redhat.com/show_bug.cgi?id=2457038
CVE-2026-34487 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34487
GHSA-x4m4-345f-5h5g https://github.com/advisories/GHSA-x4m4-345f-5h5g
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34487.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/tomcat
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:47:28Z/ Found at https://lists.apache.org/thread/4xpkwolpkrj8v5xzp5nyovtlqp3y850h
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2026-34487
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://www.openwall.com/lists/oss-security/2026/04/09/28
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.08877
EPSS Score 0.00031
Published At April 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-10T00:03:25.773749+00:00 Apache Tomcat Importer Import https://tomcat.apache.org/security-11.html 38.1.0