Apache Tomcat fixes EncryptInterceptor bypass and related security flaws

Apache Tomcat users need to patch again if they updated last month for the EncryptInterceptor issue. Apache has now disclosed that the earlier fix for CVE-2026-29146 introduced a new flaw, CVE-2026-34486, which can let attackers bypass the EncryptInterceptor entirely in specific Tomcat releases. The newly disclosed bypass affects Apache Tomcat 11.0.20, 10.1.53, and 9.0.116. Apache […] The post Apache Tomcat fixes EncryptInterceptor bypass and related security flaws appeared first on VPN Central.