CVE-2026-25854 - Vulnerability Analysis
Last Updated: April 9, 2026
Apache Tomcat - Open Redirect
Published: April 9, 2026 | Updated: April 9, 2026 | PoC Available
Overview
Apache Tomcat 8.5.30 through 8.5.100, 9.0.0.M23 through 9.0.115, 10.1.0-M1 through 10.1.52, and 11.0.0-M1 through 11.0.18 contain an open redirect caused by improper URL handling in LoadBalancerDrainingValve. An attacker can use it to redirect users to an untrusted site; exploitation requires the victim to follow a crafted URL. The valve is not part of a default Tomcat configuration, so only deployments that explicitly configure it in server.xml run the affected code.
Severity & Score
Severity: N/a
Impact
An attacker who gets a user to follow a crafted URL can redirect that user to an attacker-controlled site, which can be used for phishing or credential theft against users who trust the original Tomcat host.
Mitigation
Upgrade to Apache Tomcat 11.0.20, 10.1.53, or 9.0.116 or later. Apache Tomcat 8.5 has reached end of life and receives no fix, so affected 8.5.x deployments must move to a supported branch.
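The following is an added example, not code from the page or from the Apache Tomcat project. It turns the affected-version list and fixed releases stated above into a check a practitioner can run against an installed version string, and it scans a server.xml for the LoadBalancerDrainingValve class (org.apache.catalina.valves.LoadBalancerDrainingValve), since an affected version without that valve configured does not run the vulnerable code. Milestone versions (9.0.0.M23, 10.1.0-M1) sort before the GA build of the same number. The sample server.xml fragment is constructed for illustration.

```python
"""Check a Tomcat version against the CVE-2026-25854 affected ranges and
check whether a server.xml enables LoadBalancerDrainingValve.

The ranges and fixed releases below are taken from the advisory text;
the sample server.xml is constructed for illustration, not a real config.
"""
import re
import xml.etree.ElementTree as ET

# (first affected, last affected, first fixed release) per the advisory.
# Tomcat 8.5 is end of life, so its entry has no fixed release.
AFFECTED_RANGES = [
    ("8.5.30", "8.5.100", None),
    ("9.0.0.M23", "9.0.115", "9.0.116"),
    ("10.1.0-M1", "10.1.52", "10.1.53"),
    ("11.0.0-M1", "11.0.18", "11.0.20"),
]

VALVE_CLASS = "org.apache.catalina.valves.LoadBalancerDrainingValve"

# Accepts "9.0.115", "9.0.0.M23" (dot milestone) and "10.1.0-M1" (dash milestone).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def parse_version(text):
    """Turn a Tomcat version string into a tuple that sorts correctly.

    The fourth element is (0, n) for milestone n and (1, 0) for a GA
    build, so 9.0.0.M23 < 9.0.0 < 9.0.1.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    stage = (0, int(milestone)) if milestone is not None else (1, 0)
    return (int(major), int(minor), int(patch), stage)


def check_version(text):
    """Return (affected, fixed_in) for a Tomcat version string.

    fixed_in is the first fixed release on the same branch, or None when
    the version is outside every affected range or on the unfixed 8.5 branch.
    """
    v = parse_version(text)
    for low, high, fixed in AFFECTED_RANGES:
        if parse_version(low) <= v <= parse_version(high):
            return True, fixed
    return False, None


def uses_draining_valve(server_xml):
    """True if any <Valve> element in server.xml uses LoadBalancerDrainingValve.

    The valve can sit under <Engine>, <Host> or <Context>, so every Valve
    element in the tree is inspected rather than one fixed path.
    """
    root = ET.fromstring(server_xml)
    return any(valve.get("className") == VALVE_CLASS for valve in root.iter("Valve"))


# Constructed sample: one draining valve on the Engine, an unrelated
# AccessLogValve on the Host.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="node1">
      <Valve className="org.apache.catalina.valves.LoadBalancerDrainingValve" />
      <Host name="localhost" appBase="webapps">
        <Valve className="org.apache.catalina.valves.AccessLogValve"
               directory="logs" prefix="access" suffix=".log" />
      </Host>
    </Engine>
  </Service>
</Server>
"""

if __name__ == "__main__":
    for ver in ["8.5.100", "9.0.0.M22", "9.0.115", "9.0.116",
                "10.1.0-M1", "11.0.18", "11.0.20"]:
        affected, fixed = check_version(ver)
        print(f"{ver:>10}: affected={affected} fixed_in={fixed}")
    print("draining valve configured:", uses_draining_valve(SAMPLE_SERVER_XML))
```

Feed check_version the value reported by `catalina.sh version` (the "Server number" line) and uses_draining_valve the contents of conf/server.xml; a host is exposed only when both return a positive result, and an 8.5.x hit means a branch upgrade rather than a point release.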
Details
- CVE ID: CVE-2026-25854
- Severity: N/a
- Type: open_redirect
- Status: new
CWE
- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVSS Metrics
N/A