Bug 2476513 (CVE-2026-41293) - CVE-2026-41293 tomcat-coyote: Apache Tomcat: HTTP/2 request headers not validated
Summary: CVE-2026-41293 tomcat-coyote: Apache Tomcat: HTTP/2 request headers not valid...
Keywords:
Status: NEW
Alias: CVE-2026-41293
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-12 16:01 UTC by OSIDB Bzimport
Modified: 2026-07-14 16:11 UTC (History)
10 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:39188 0 None None None 2026-07-14 16:11:41 UTC
Red Hat Product Errata RHSA-2026:39189 0 None None None 2026-07-14 16:08:46 UTC

Description OSIDB Bzimport 2026-05-12 16:01:53 UTC
Improper Input Validation vulnerability in Apache Tomcat.

This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.21, from 10.1.0-M1 through 10.1.54, from 9.0.0.M1 through 9.0.117, from 10.0.0-M1 through 10.0.27.
Older, end of support versions may also be affected.

Users are recommended to upgrade to version [FIXED_VERSION], which fixes the issue.

Comment 2 errata-xmlrpc 2026-07-14 16:08:45 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server 7.0.0

Via RHSA-2026:39189 https://access.redhat.com/errata/RHSA-2026:39189

Comment 3 errata-xmlrpc 2026-07-14 16:11:40 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server 7.0 on RHEL 10
  Red Hat JBoss Web Server 7.0 on RHEL 8
  Red Hat JBoss Web Server 7.0 on RHEL 9

Via RHSA-2026:39188 https://access.redhat.com/errata/RHSA-2026:39188


Note You need to log in before you can comment on or make changes to this bug.