Apache Tomcat FFM CRL Error Condition Vulnerability (<=11.0.22,10.1.55,9.0.118)
CVE-2026-53434 Published on June 29, 2026

Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fixes the issue.

Vendor Advisory NVD

Weakness Type

Detection of Error Condition Without Action

The software detects a specific error, but takes no actions to handle the error.


Products Associated with CVE-2026-53434

Want to know whenever a new CVE is published for Apache Tomcat? stack.watch will email you.

 

Affected Versions

Apache Software Foundation Apache Tomcat: