Apache Tomcat FFM CRL Error Condition Vulnerability (<=11.0.22,10.1.55,9.0.118)
CVE-2026-53434 Published on June 29, 2026
Apache Tomcat: Invalid CRL configuration doesn't trigger failure for FFM Connector
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector.
This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118.
Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fixes the issue.
Weakness Type
Detection of Error Condition Without Action
The software detects a specific error, but takes no actions to handle the error.
Products Associated with CVE-2026-53434
Want to know whenever a new CVE is published for Apache Tomcat? stack.watch will email you.
Affected Versions
Apache Software Foundation Apache Tomcat:- Version 11.0.0-M1, <= 11.0.22 is affected.
- Version 10.1.0-M7, <= 10.1.55 is affected.
- Version 9.0.83, <= 9.0.118 is affected.
- Before and including 9.0.82 is unaffected.