CVE-2026-53404
Apache Tomcat: Bad ornext processing in RewriteValve
Description
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100. Other versions that have reached end of support may also be affected. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue.
INFO
Published Date :
June 29, 2026, 8:39 p.m.
Last Modified :
June 29, 2026, 8:39 p.m.
Remotely Exploit :
No
Source :
apache
Solution
- Upgrade to Apache Tomcat version 11.0.23.
- Upgrade to Apache Tomcat version 10.1.56.
- Upgrade to Apache Tomcat version 9.0.119.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2026-53404 vulnerability anywhere in the article.