Is CVE-2026-29145 actively exploited?

CVE-2026-29145 has no public evidence of in-the-wild exploitation as of 2026-04-14.

What is the CVSS score for CVE-2026-29145?

CVE-2026-29145 has a CVSS score of 9.1 (CRITICAL severity). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

How do I patch CVE-2026-29145?

Patch guidance is available from apache security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2026-29145.

Fix CVE-2026-29145 - CRITICAL apache tomcat

Q: Which products are affected by CVE-2026-29145?

20 products: apache tomcat, apache tomcat, apache tomcat, apache tomcat, apache tomcat, and 15 more.

Description

CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13. Users are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector: network
Complexity: low
Privileges: none
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: none
Weaknesses: CWE-287 · Improper Authentication

Metadata

Primary Vendor: APACHE
Published: 4/9/2026
Last Modified: 4/14/2026
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

apache : tomcatapache : tomcatapache : tomcatapache : tomcatapache : tomcatapache : tomcatapache : tomcatapache : tomcatapache : tomcatapache : tomcatapache : tomcatapache : tomcatapache : tomcatapache : tomcatapache : tomcatapache : tomcatapache : tomcatapache : tomcatapache : tomcat_nativeapache : tomcat_native

Remediation Guidance

Executive Summary

View on NIST NVD