THREATOPS
THREAT OPSThreat News › CVE-2026-59083: Apache Tomcat: Incorrect URL decoding in RewriteValve may allow security control bypass

CVE-2026-59083: Apache Tomcat: Incorrect URL decoding in RewriteValve may allow security control bypass

medoss_secPublished 2026-07-14

<p>Posted by Mark Thomas on Jul 14</p>Severity: low<br /> <br /> Affected versions:<br /> <br /> - Apache Tomcat 11.0.0-M1 through 11.0.23<br /> - Apache Tomcat 10.1.0-M1 through 10.1.56<br /> - Apache Tomcat 9.0.0.M1 through 9.0.119<br /> - Apache Tomcat 8.5.0 through 8.5.100<br /> - Apache Tomcat before 8.0.0 unaffected<br /> <br /> Description:<br /> <br /> Improper Handling of URL Encoding (He

Indicators of compromise

Original source: https://seclists.org/oss-sec/2026/q3/137