{"api_version":"1","generated_at":"2026-07-10T12:47:36+00:00","cve":"CVE-2026-50229","urls":{"html":"https://cve.report/CVE-2026-50229","api":"https://cve.report/api/cve/CVE-2026-50229.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-50229","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-50229"},"summary":{"title":"Apache Tomcat: XSS in number guess example","description":"Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Other versions that have reached end of support may also be affected.\n\nUsers are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue.","state":"PUBLISHED","assigner":"apache","published_at":"2026-06-29 21:16:44","updated_at":"2026-07-02 19:24:34"},"problem_types":["CWE-80","CWE-80 CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.openwall.com/lists/oss-security/2026/06/29/20","name":"http://www.openwall.com/lists/oss-security/2026/06/29/20","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://lists.apache.org/thread/wlt2no8bw45zl1w8byop4zfqphldf5j0","name":"https://lists.apache.org/thread/wlt2no8bw45zl1w8byop4zfqphldf5j0","refsource":"security@apache.org","tags":["Vendor Advisory","Mailing List"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-50229","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-50229","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Apache Software Foundation","product":"Apache Tomcat","version":"affected 11.0.0-M1 11.0.22 semver","platforms":[]},{"source":"CNA","vendor":"Apache Software Foundation","product":"Apache Tomcat","version":"affected 10.1.0-M1 10.1.55 semver","platforms":[]},{"source":"CNA","vendor":"Apache Software Foundation","product":"Apache Tomcat","version":"affected 9.0.0.M1 9.0.118 semver","platforms":[]},{"source":"CNA","vendor":"Apache Software Foundation","product":"Apache Tomcat","version":"affected 8.5.0 8.5.100 semver","platforms":[]},{"source":"CNA","vendor":"Apache Software Foundation","product":"Apache Tomcat","version":"affected 7.0.0 7.0.109 semver","platforms":[]},{"source":"CNA","vendor":"Apache Software Foundation","product":"Apache Tomcat","version":"unknown 7.0.0 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Erichen, Institute of Computing Technology, Chinese Academy of Sciences","lang":"en"},{"source":"CNA","value":"Yashar Shahinzadeh","lang":"en"},{"source":"CNA","value":"Amirmohammad Safari","lang":"en"}],"nvd_cpes":[{"cve_year":"2026","cve_id":"50229","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"50229","vulnerable":"1","versionEndIncluding":"7.0.109","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2026","cve_id":"50229","vulnerable":"1","versionEndIncluding":"8.5.100","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"apache","cpe5":"tomcat","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"50229","cve":"CVE-2026-50229","epss":"0.003570000","percentile":"0.277630000","score_date":"2026-07-04","updated_at":"2026-07-05 00:02:27"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2026-06-29T22:24:20.838Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"http://www.openwall.com/lists/oss-security/2026/06/29/20"}],"title":"CVE Program Container"},{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2026-50229","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-30T12:49:25.834984Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-30T12:50:01.539Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unaffected","product":"Apache Tomcat","vendor":"Apache Software Foundation","versions":[{"lessThanOrEqual":"11.0.22","status":"affected","version":"11.0.0-M1","versionType":"semver"},{"lessThanOrEqual":"10.1.55","status":"affected","version":"10.1.0-M1","versionType":"semver"},{"lessThanOrEqual":"9.0.118","status":"affected","version":"9.0.0.M1","versionType":"semver"},{"lessThanOrEqual":"8.5.100","status":"affected","version":"8.5.0","versionType":"semver"},{"lessThanOrEqual":"7.0.109","status":"affected","version":"7.0.0","versionType":"semver"},{"lessThan":"7.0.0","status":"unknown","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Erichen, Institute of Computing Technology, Chinese Academy of Sciences"},{"lang":"en","type":"finder","value":"Yashar Shahinzadeh"},{"lang":"en","type":"finder","value":"Amirmohammad Safari"}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat.</p><p>This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Other versions that have reached end of support may also be affected.</p><p>Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue.</p>"}],"value":"Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Other versions that have reached end of support may also be affected.\n\nUsers are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue."}],"metrics":[{"other":{"content":{"text":"low"},"type":"Textual description of severity"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-80","description":"CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-29T20:37:30.642Z","orgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","shortName":"apache"},"references":[{"tags":["vendor-advisory"],"url":"https://lists.apache.org/thread/wlt2no8bw45zl1w8byop4zfqphldf5j0"}],"source":{"discovery":"EXTERNAL"},"title":"Apache Tomcat: XSS in number guess example","x_generator":{"engine":"Vulnogram 0.2.0"}}},"cveMetadata":{"assignerOrgId":"f0158376-9dc2-43b6-827c-5f631a4d8d09","assignerShortName":"apache","cveId":"CVE-2026-50229","datePublished":"2026-06-29T20:36:24.683Z","dateReserved":"2026-06-04T09:39:23.609Z","dateUpdated":"2026-06-30T12:50:01.539Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-29 21:16:44","lastModifiedDate":"2026-07-02 19:24:34","problem_types":["CWE-80","CWE-80 CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T12:49:25.834984Z","id":"CVE-2026-50229","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionEndIncluding":"7.0.109","matchCriteriaId":"FBE1DD9D-848F-4FD6-94B8-3F3188A13239"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"8.5.0","versionEndIncluding":"8.5.100","matchCriteriaId":"FF43D0D7-FBF3-4D7A-84C4-47B65A75A524"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"9.0.0","versionEndExcluding":"9.0.119","matchCriteriaId":"EA5B1F1F-8593-47C6-B14E-8F60BE7E1199"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"10.1.0","versionEndExcluding":"10.1.56","matchCriteriaId":"4A8C20B4-DBE1-4890-AD5E-D5EABB6B739D"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.0.23","matchCriteriaId":"C43AD2A0-8785-4A37-AAAE-347B1E0463F1"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"50229","Ordinal":"1","Title":"Apache Tomcat: XSS in number guess example","CVE":"CVE-2026-50229","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"50229","Ordinal":"1","NoteData":"Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Other versions that have reached end of support may also be affected.\n\nUsers are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue.","Type":"Description","Title":"Apache Tomcat: XSS in number guess example"}]}}}