{ "schema_version": "1.7.0", "id": "RHSA-2026:18537", "related": [], "upstream": [ "CVE-2025-46701", "CVE-2025-55668", "CVE-2025-55754" ], "published": "2026-05-20T10:09:21Z", "modified": "2026-05-29T10:09:16Z", "summary": "Red Hat Security Advisory: tomcat security update", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "affected": [ { "package": { "name": "tomcat", "ecosystem": "Red Hat:enterprise_linux:10.2", "purl": "pkg:rpm/redhat/tomcat" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1:10.1.49-1.el10" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "tomcat-admin-webapps", "ecosystem": "Red Hat:enterprise_linux:10.2", "purl": "pkg:rpm/redhat/tomcat-admin-webapps" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1:10.1.49-1.el10" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "tomcat-docs-webapp", "ecosystem": "Red Hat:enterprise_linux:10.2", "purl": "pkg:rpm/redhat/tomcat-docs-webapp" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1:10.1.49-1.el10" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "tomcat-el-5.0-api", "ecosystem": "Red Hat:enterprise_linux:10.2", "purl": "pkg:rpm/redhat/tomcat-el-5.0-api" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1:10.1.49-1.el10" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "tomcat-jsp-3.1-api", "ecosystem": "Red Hat:enterprise_linux:10.2", "purl": "pkg:rpm/redhat/tomcat-jsp-3.1-api" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1:10.1.49-1.el10" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "tomcat-lib", "ecosystem": "Red Hat:enterprise_linux:10.2", "purl": "pkg:rpm/redhat/tomcat-lib" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1:10.1.49-1.el10" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "tomcat-servlet-6.0-api", "ecosystem": "Red Hat:enterprise_linux:10.2", "purl": "pkg:rpm/redhat/tomcat-servlet-6.0-api" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1:10.1.49-1.el10" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "tomcat-webapps", "ecosystem": "Red Hat:enterprise_linux:10.2", "purl": "pkg:rpm/redhat/tomcat-webapps" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1:10.1.49-1.el10" } ], "type": "ECOSYSTEM" } ] } ], "references": [ { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2026:18537" }, { "type": "ARTICLE", "url": "https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/10.2_release_notes/index" }, { "type": "ARTICLE", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2369253" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2388226" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406590" }, { "type": "ARTICLE", "url": "https://issues.redhat.com/browse/RHEL-150099" }, { "type": "ADVISORY", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_18537.json" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2025-46701" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2025-46701" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46701" }, { "type": "ARTICLE", "url": "https://lists.apache.org/thread/xhqqk9w5q45srcdqhogdk04lhdscv30j" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2025-55668" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2025-55668" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55668" }, { "type": "ARTICLE", "url": "https://github.com/apache/tomcat/commit/8621e4c6ba2c916a41eb34cb0f781171ead33fb6" }, { "type": "ARTICLE", "url": "https://github.com/apache/tomcat/commit/90306d971bb8b8393336d893644124fb2ca11d21" }, { "type": "ARTICLE", "url": "https://github.com/apache/tomcat/commit/9c3673ba04009377cb0c81ccb6cf5078aec1aa95" }, { "type": "ARTICLE", "url": "https://lists.apache.org/thread/v6bknr96rl7l1qxkl1c03v0qdvbbqs47" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2025-55754" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2025-55754" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55754" }, { "type": "ARTICLE", "url": "https://github.com/apache/tomcat/commit/5a3db092982c0c58d4855304167ee757fe5e79bb" }, { "type": "ARTICLE", "url": "https://lists.apache.org/thread/j7w54hqbkfcn0xb9xy0wnx8w5nymcbqd" } ] }