THREAT OPS › Threat News › CVE-2026-59083: Apache Tomcat: Incorrect URL decoding in RewriteValve may allow security control bypass
CVE-2026-59083: Apache Tomcat: Incorrect URL decoding in RewriteValve may allow security control bypass
<p>Posted by Mark Thomas on Jul 14</p>Severity: low<br /> <br /> Affected versions:<br /> <br /> - Apache Tomcat 11.0.0-M1 through 11.0.23<br /> - Apache Tomcat 10.1.0-M1 through 10.1.56<br /> - Apache Tomcat 9.0.0.M1 through 9.0.119<br /> - Apache Tomcat 8.5.0 through 8.5.100<br /> - Apache Tomcat before 8.0.0 unaffected<br /> <br /> Description:<br /> <br /> Improper Handling of URL Encoding (He
Indicators of compromise
- CVE-2026-59083cve
Original source: https://seclists.org/oss-sec/2026/q3/137