oss-sec mailing list archives
CVE-2026-29129: Apache Tomcat: TLS cipher order is not preserved
From: Mark Thomas <markt () apache org>
Date: Thu, 9 Apr 2026 20:48:03 +0100
Severity: low Affected versions: - Apache Tomcat 11.0.16 through 11.0.18 - Apache Tomcat 10.1.51 through 10.1.52 - Apache Tomcat 9.0.114 through 9.0.115 Description:Configured cipher preference order not preserved vulnerability in Apache Tomcat.
This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115.
Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.
References: https://lists.apache.org/thread/r4h1t6f8xhxsxfm6c2z5cprolsosho3f https://tomcat.apache.org/ https://www.cve.org/CVERecord?id=CVE-2026-29129
Current thread:
- CVE-2026-29129: Apache Tomcat: TLS cipher order is not preserved Mark Thomas (Apr 09)
