Apache Tomcat February Vulnerability Security Update Advisory

Overview

Apache Tomcat (https://tomcat.apache.org/) has released a security update that addresses vulnerabilities in its products. Users of affected products are advised to update to the latest version.

Affected Products

Apache Tomcat 9.0.83 – 9.0.114

Apache Tomcat 9.0.0.M1 – 9.0.112

Apache Tomcat 11.0.0-M1 – 11.0.17

Apache Tomcat 11.0.0-M1 – 11.0.14

Apache Tomcat 10.1.0-M7 – 10.1.51

Apache Tomcat 10.1.0-M1 – 10.1.49

Resolved Vulnerabilities

Incomplete OCSP Validation Check Vulnerability in Apache Tomcat (CVE-2026-24734)

Security Constraint Bypass Vulnerability in Apache Tomcat (CVE-2026-24733)

Client Certificate Verification Bypass Vulnerability Due to Virtual Host Mapping in Apache Tomcat (CVE-2025-66614)

Vulnerability Patches

Follow the security advisory published on February 17, 2026, and update to the applicable fixed version listed below or to the latest version.

Apache Tomcat 9.0.115

Apache Tomcat 9.0.113

Apache Tomcat 11.0.18

Apache Tomcat 11.0.15

Apache Tomcat 10.1.52

Apache Tomcat 10.1.50

Referenced Sites

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66614

[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24734

[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24733

[4] https://tomcat.apache.org/security