Main Vulnerability Database SB2026061676

SB2026061676 - Red Hat Enterprise Linux 9 update for tomcat

Published: June 16, 2026

Security Bulletin ID SB2026061676

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper authorization (CVE-ID: CVE-2026-24734)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to incomplete OCSP verification checks. When using an OCSP responder, Tomcat's FFM integration with OpenSSL does not complete verification or freshness checks on the OCSP response. A remote attacker can bypass certificate revocation and gain unauthorized access to the application.

Remediation

Install update from vendor's website.

References

https://access.redhat.com/errata/RHSA-2026:26323