Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-34500

CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.4%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2026-34500
  • Apache » Tomcat » Version: 10.1.22
    cpe:2.3:a:apache:tomcat:10.1.22
  • Apache » Tomcat » Version: 10.1.23
    cpe:2.3:a:apache:tomcat:10.1.23
  • Apache » Tomcat » Version: 10.1.24
    cpe:2.3:a:apache:tomcat:10.1.24
  • Apache » Tomcat » Version: 10.1.25
    cpe:2.3:a:apache:tomcat:10.1.25
  • Apache » Tomcat » Version: 10.1.26
    cpe:2.3:a:apache:tomcat:10.1.26
  • Apache » Tomcat » Version: 10.1.27
    cpe:2.3:a:apache:tomcat:10.1.27
  • Apache » Tomcat » Version: 10.1.28
    cpe:2.3:a:apache:tomcat:10.1.28
  • Apache » Tomcat » Version: 10.1.29
    cpe:2.3:a:apache:tomcat:10.1.29
  • Apache » Tomcat » Version: 10.1.30
    cpe:2.3:a:apache:tomcat:10.1.30
  • Apache » Tomcat » Version: 10.1.31
    cpe:2.3:a:apache:tomcat:10.1.31
  • Apache » Tomcat » Version: 10.1.32
    cpe:2.3:a:apache:tomcat:10.1.32
  • Apache » Tomcat » Version: 10.1.33
    cpe:2.3:a:apache:tomcat:10.1.33
  • Apache » Tomcat » Version: 10.1.34
    cpe:2.3:a:apache:tomcat:10.1.34
  • Apache » Tomcat » Version: 10.1.35
    cpe:2.3:a:apache:tomcat:10.1.35
  • Apache » Tomcat » Version: 10.1.36
    cpe:2.3:a:apache:tomcat:10.1.36
  • Apache » Tomcat » Version: 10.1.37
    cpe:2.3:a:apache:tomcat:10.1.37
  • Apache » Tomcat » Version: 10.1.38
    cpe:2.3:a:apache:tomcat:10.1.38
  • Apache » Tomcat » Version: 10.1.39
    cpe:2.3:a:apache:tomcat:10.1.39
  • Apache » Tomcat » Version: 10.1.40
    cpe:2.3:a:apache:tomcat:10.1.40
  • Apache » Tomcat » Version: 10.1.41
    cpe:2.3:a:apache:tomcat:10.1.41
  • Apache » Tomcat » Version: 10.1.42
    cpe:2.3:a:apache:tomcat:10.1.42
  • Apache » Tomcat » Version: 10.1.43
    cpe:2.3:a:apache:tomcat:10.1.43
  • Apache » Tomcat » Version: 10.1.44
    cpe:2.3:a:apache:tomcat:10.1.44
  • Apache » Tomcat » Version: 10.1.45
    cpe:2.3:a:apache:tomcat:10.1.45
  • Apache » Tomcat » Version: 10.1.46
    cpe:2.3:a:apache:tomcat:10.1.46
  • Apache » Tomcat » Version: 10.1.47
    cpe:2.3:a:apache:tomcat:10.1.47
  • Apache » Tomcat » Version: 10.1.48
    cpe:2.3:a:apache:tomcat:10.1.48
  • Apache » Tomcat » Version: 11.0.0
    cpe:2.3:a:apache:tomcat:11.0.0
  • Apache » Tomcat » Version: 11.0.1
    cpe:2.3:a:apache:tomcat:11.0.1
  • Apache » Tomcat » Version: 11.0.10
    cpe:2.3:a:apache:tomcat:11.0.10
  • Apache » Tomcat » Version: 11.0.11
    cpe:2.3:a:apache:tomcat:11.0.11
  • Apache » Tomcat » Version: 11.0.12
    cpe:2.3:a:apache:tomcat:11.0.12
  • Apache » Tomcat » Version: 11.0.13
    cpe:2.3:a:apache:tomcat:11.0.13
  • Apache » Tomcat » Version: 11.0.2
    cpe:2.3:a:apache:tomcat:11.0.2
  • Apache » Tomcat » Version: 11.0.3
    cpe:2.3:a:apache:tomcat:11.0.3
  • Apache » Tomcat » Version: 11.0.4
    cpe:2.3:a:apache:tomcat:11.0.4
  • Apache » Tomcat » Version: 11.0.5
    cpe:2.3:a:apache:tomcat:11.0.5
  • Apache » Tomcat » Version: 11.0.6
    cpe:2.3:a:apache:tomcat:11.0.6
  • Apache » Tomcat » Version: 11.0.7
    cpe:2.3:a:apache:tomcat:11.0.7
  • Apache » Tomcat » Version: 11.0.8
    cpe:2.3:a:apache:tomcat:11.0.8
  • Apache » Tomcat » Version: 11.0.9
    cpe:2.3:a:apache:tomcat:11.0.9
  • Apache » Tomcat » Version: 9.0.100
    cpe:2.3:a:apache:tomcat:9.0.100
  • Apache » Tomcat » Version: 9.0.101
    cpe:2.3:a:apache:tomcat:9.0.101
  • Apache » Tomcat » Version: 9.0.102
    cpe:2.3:a:apache:tomcat:9.0.102
  • Apache » Tomcat » Version: 9.0.103
    cpe:2.3:a:apache:tomcat:9.0.103
  • Apache » Tomcat » Version: 9.0.104
    cpe:2.3:a:apache:tomcat:9.0.104
  • Apache » Tomcat » Version: 9.0.105
    cpe:2.3:a:apache:tomcat:9.0.105
  • Apache » Tomcat » Version: 9.0.106
    cpe:2.3:a:apache:tomcat:9.0.106
  • Apache » Tomcat » Version: 9.0.107
    cpe:2.3:a:apache:tomcat:9.0.107
  • Apache » Tomcat » Version: 9.0.108
    cpe:2.3:a:apache:tomcat:9.0.108
  • Apache » Tomcat » Version: 9.0.109
    cpe:2.3:a:apache:tomcat:9.0.109
  • Apache » Tomcat » Version: 9.0.110
    cpe:2.3:a:apache:tomcat:9.0.110
  • Apache » Tomcat » Version: 9.0.111
    cpe:2.3:a:apache:tomcat:9.0.111
  • Apache » Tomcat » Version: 9.0.112
    cpe:2.3:a:apache:tomcat:9.0.112
  • Apache » Tomcat » Version: 9.0.113
    cpe:2.3:a:apache:tomcat:9.0.113
  • Apache » Tomcat » Version: 9.0.114
    cpe:2.3:a:apache:tomcat:9.0.114
  • Apache » Tomcat » Version: 9.0.115
    cpe:2.3:a:apache:tomcat:9.0.115
  • Apache » Tomcat » Version: 9.0.92
    cpe:2.3:a:apache:tomcat:9.0.92
  • Apache » Tomcat » Version: 9.0.93
    cpe:2.3:a:apache:tomcat:9.0.93
  • Apache » Tomcat » Version: 9.0.94
    cpe:2.3:a:apache:tomcat:9.0.94
  • Apache » Tomcat » Version: 9.0.95
    cpe:2.3:a:apache:tomcat:9.0.95
  • Apache » Tomcat » Version: 9.0.96
    cpe:2.3:a:apache:tomcat:9.0.96
  • Apache » Tomcat » Version: 9.0.97
    cpe:2.3:a:apache:tomcat:9.0.97
  • Apache » Tomcat » Version: 9.0.98
    cpe:2.3:a:apache:tomcat:9.0.98
  • Apache » Tomcat » Version: 9.0.99
    cpe:2.3:a:apache:tomcat:9.0.99


Products
Pricing
Contact Us

Shodan ® - All rights reserved