UBUNTU-CVE-2026-25854
- Source
- https://ubuntu.com/security/CVE-2026-25854
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-25854.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2026-25854
- Upstream
- Published
- 2026-04-09T20:16:00Z
- Modified
- 2026-05-20T16:12:09.510482966Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other, unsupported versions may also be affected Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.
- References
Affected packages
Ubuntu:16.04:LTS
tomcat6
Package
- Name
- tomcat6
- Purl
- pkg:deb/ubuntu/tomcat6?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:25.10
tomcat10
Package
- Name
- tomcat10
- Purl
- pkg:deb/ubuntu/tomcat10?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat10-embed-java",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "libtomcat10-java"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10"
},
{
"binary_name": "tomcat10-admin",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-common"
},
{
"binary_name": "tomcat10-docs",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_name": "tomcat10-examples",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_name": "tomcat10-user",
"binary_version": "10.1.40-1ubuntu1"
}
]
}tomcat11
Package
- Name
- tomcat11
- Purl
- pkg:deb/ubuntu/tomcat11?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat11-embed-java",
"binary_version": "11.0.6-1"
},
{
"binary_version": "11.0.6-1",
"binary_name": "libtomcat11-java"
},
{
"binary_version": "11.0.6-1",
"binary_name": "tomcat11"
},
{
"binary_name": "tomcat11-admin",
"binary_version": "11.0.6-1"
},
{
"binary_name": "tomcat11-common",
"binary_version": "11.0.6-1"
},
{
"binary_version": "11.0.6-1",
"binary_name": "tomcat11-docs"
},
{
"binary_name": "tomcat11-examples",
"binary_version": "11.0.6-1"
},
{
"binary_name": "tomcat11-user",
"binary_version": "11.0.6-1"
}
]
}tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:26.04:LTS
tomcat10
Package
- Name
- tomcat10
- Purl
- pkg:deb/ubuntu/tomcat10?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat10-embed-java",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "libtomcat10-java"
},
{
"binary_name": "tomcat10",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-admin"
},
{
"binary_name": "tomcat10-common",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_name": "tomcat10-docs",
"binary_version": "10.1.40-1ubuntu1"
},
{
"binary_version": "10.1.40-1ubuntu1",
"binary_name": "tomcat10-examples"
},
{
"binary_name": "tomcat10-user",
"binary_version": "10.1.40-1ubuntu1"
}
]
}tomcat11
Package
- Name
- tomcat11
- Purl
- pkg:deb/ubuntu/tomcat11?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat11-embed-java",
"binary_version": "11.0.18-1"
},
{
"binary_version": "11.0.18-1",
"binary_name": "libtomcat11-java"
},
{
"binary_version": "11.0.18-1",
"binary_name": "tomcat11"
},
{
"binary_version": "11.0.18-1",
"binary_name": "tomcat11-admin"
},
{
"binary_version": "11.0.18-1",
"binary_name": "tomcat11-common"
},
{
"binary_name": "tomcat11-docs",
"binary_version": "11.0.18-1"
},
{
"binary_name": "tomcat11-examples",
"binary_version": "11.0.18-1"
},
{
"binary_name": "tomcat11-user",
"binary_version": "11.0.18-1"
}
]
}tomcat9
Ubuntu:Pro:14.04:LTS
tomcat6
Package
- Name
- tomcat6
- Purl
- pkg:deb/ubuntu/tomcat6?arch=source&distro=esm-infra-legacy%2Ftrusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
6.*
6.0.37-1
6.0.39-1
6.0.39-1ubuntu0.1
6.0.39-1ubuntu0.1+esm1
6.0.39-1ubuntu0.1+esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "libservlet2.4-java",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "libservlet2.5-java",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "libtomcat6-java"
},
{
"binary_name": "tomcat6",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "tomcat6-admin"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "tomcat6-common"
},
{
"binary_version": "6.0.39-1ubuntu0.1+esm2",
"binary_name": "tomcat6-docs"
},
{
"binary_name": "tomcat6-examples",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat6-extras",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
},
{
"binary_name": "tomcat6-user",
"binary_version": "6.0.39-1ubuntu0.1+esm2"
}
]
}tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7?arch=source&distro=esm-infra-legacy%2Ftrusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.0.42-1
7.0.47-1
7.0.50-1
7.0.52-1
7.0.52-1ubuntu0.1
7.0.52-1ubuntu0.3
7.0.52-1ubuntu0.6
7.0.52-1ubuntu0.7
7.0.52-1ubuntu0.8
7.0.52-1ubuntu0.9
7.0.52-1ubuntu0.10
7.0.52-1ubuntu0.11
7.0.52-1ubuntu0.13
7.0.52-1ubuntu0.14
7.0.52-1ubuntu0.15
7.0.52-1ubuntu0.16
7.0.52-1ubuntu0.16+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "libservlet3.0-java"
},
{
"binary_name": "libtomcat7-java",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "tomcat7",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "tomcat7-admin",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "tomcat7-common",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_name": "tomcat7-docs",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
},
{
"binary_version": "7.0.52-1ubuntu0.16+esm1",
"binary_name": "tomcat7-examples"
},
{
"binary_name": "tomcat7-user",
"binary_version": "7.0.52-1ubuntu0.16+esm1"
}
]
}Ubuntu:Pro:16.04:LTS
tomcat8
Package
- Name
- tomcat8
- Purl
- pkg:deb/ubuntu/tomcat8?arch=source&distro=esm-infra%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
8.*
8.0.26-1
8.0.28-1
8.0.30-1
8.0.32-1
8.0.32-1ubuntu1
8.0.32-1ubuntu1.1
8.0.32-1ubuntu1.2
8.0.32-1ubuntu1.3
8.0.32-1ubuntu1.4
8.0.32-1ubuntu1.5
8.0.32-1ubuntu1.6
8.0.32-1ubuntu1.7
8.0.32-1ubuntu1.8
8.0.32-1ubuntu1.9
8.0.32-1ubuntu1.10
8.0.32-1ubuntu1.11
8.0.32-1ubuntu1.13
8.0.32-1ubuntu1.13+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "libservlet3.1-java",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "libtomcat8-java",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "tomcat8",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "tomcat8-admin",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_version": "8.0.32-1ubuntu1.13+esm1",
"binary_name": "tomcat8-common"
},
{
"binary_name": "tomcat8-docs",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "tomcat8-examples",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
},
{
"binary_name": "tomcat8-user",
"binary_version": "8.0.32-1ubuntu1.13+esm1"
}
]
}tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7?arch=source&distro=esm-apps%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
7.*
7.0.64-1
7.0.68-1
7.0.68-1ubuntu0.1
7.0.68-1ubuntu0.3
7.0.68-1ubuntu0.4
7.0.68-1ubuntu0.4+esm1
7.0.68-1ubuntu0.4+esm2
7.0.68-1ubuntu0.4+esm3
Ecosystem specific
{
"binaries": [
{
"binary_name": "libservlet3.0-java",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_name": "libtomcat7-java",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_name": "tomcat7",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "tomcat7-admin"
},
{
"binary_name": "tomcat7-common",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_name": "tomcat7-docs",
"binary_version": "7.0.68-1ubuntu0.4+esm3"
},
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "tomcat7-examples"
},
{
"binary_version": "7.0.68-1ubuntu0.4+esm3",
"binary_name": "tomcat7-user"
}
]
}Ubuntu:Pro:18.04:LTS
tomcat7
Package
- Name
- tomcat7
- Purl
- pkg:deb/ubuntu/tomcat7?arch=source&distro=esm-apps%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
tomcat8
Package
- Name
- tomcat8
- Purl
- pkg:deb/ubuntu/tomcat8?arch=source&distro=esm-apps%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
8.*
8.5.21-1ubuntu1
8.5.29-1
8.5.30-1
8.5.30-1ubuntu1
8.5.30-1ubuntu1.2
8.5.30-1ubuntu1.3
8.5.30-1ubuntu1.4
8.5.39-1ubuntu1~18.04.1
8.5.39-1ubuntu1~18.04.2
8.5.39-1ubuntu1~18.04.3
8.5.39-1ubuntu1~18.04.3+esm1
8.5.39-1ubuntu1~18.04.3+esm2
8.5.39-1ubuntu1~18.04.3+esm3
8.5.39-1ubuntu1~18.04.3+esm4
8.5.39-1ubuntu1~18.04.3+esm5
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat8-embed-java",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5"
},
{
"binary_name": "libtomcat8-java",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5"
},
{
"binary_name": "tomcat8",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5"
},
{
"binary_name": "tomcat8-admin",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5"
},
{
"binary_name": "tomcat8-common",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5"
},
{
"binary_name": "tomcat8-docs",
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5"
},
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "tomcat8-examples"
},
{
"binary_version": "8.5.39-1ubuntu1~18.04.3+esm5",
"binary_name": "tomcat8-user"
}
]
}tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9?arch=source&distro=esm-apps%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.0.16-3~18.04.1
9.0.16-3ubuntu0.18.04.1
9.0.16-3ubuntu0.18.04.2
9.0.16-3ubuntu0.18.04.2+esm1
9.0.16-3ubuntu0.18.04.2+esm2
9.0.16-3ubuntu0.18.04.2+esm3
9.0.16-3ubuntu0.18.04.2+esm4
9.0.16-3ubuntu0.18.04.2+esm5
9.0.16-3ubuntu0.18.04.2+esm6
9.0.16-3ubuntu0.18.04.2+esm7
Ecosystem specific
{
"binaries": [
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
"binary_name": "libtomcat9-embed-java"
},
{
"binary_name": "libtomcat9-java",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7"
},
{
"binary_name": "tomcat9",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7"
},
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
"binary_name": "tomcat9-admin"
},
{
"binary_name": "tomcat9-common",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7"
},
{
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7",
"binary_name": "tomcat9-docs"
},
{
"binary_name": "tomcat9-examples",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7"
},
{
"binary_name": "tomcat9-user",
"binary_version": "9.0.16-3ubuntu0.18.04.2+esm7"
}
]
}Ubuntu:Pro:20.04:LTS
tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9?arch=source&distro=esm-apps%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.0.24-1
9.0.27-1
9.0.31-1
9.0.31-1ubuntu0.1
9.0.31-1ubuntu0.2
9.0.31-1ubuntu0.3
9.0.31-1ubuntu0.4
9.0.31-1ubuntu0.5
9.0.31-1ubuntu0.6
9.0.31-1ubuntu0.7
9.0.31-1ubuntu0.8
9.0.31-1ubuntu0.9
9.0.31-1ubuntu0.9+esm1
9.0.31-1ubuntu0.9+esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat9-embed-java",
"binary_version": "9.0.31-1ubuntu0.9+esm2"
},
{
"binary_name": "libtomcat9-java",
"binary_version": "9.0.31-1ubuntu0.9+esm2"
},
{
"binary_version": "9.0.31-1ubuntu0.9+esm2",
"binary_name": "tomcat9"
},
{
"binary_name": "tomcat9-admin",
"binary_version": "9.0.31-1ubuntu0.9+esm2"
},
{
"binary_name": "tomcat9-common",
"binary_version": "9.0.31-1ubuntu0.9+esm2"
},
{
"binary_version": "9.0.31-1ubuntu0.9+esm2",
"binary_name": "tomcat9-docs"
},
{
"binary_name": "tomcat9-examples",
"binary_version": "9.0.31-1ubuntu0.9+esm2"
},
{
"binary_version": "9.0.31-1ubuntu0.9+esm2",
"binary_name": "tomcat9-user"
}
]
}Ubuntu:Pro:22.04:LTS
tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.0.43-3
9.0.54-1
9.0.55-1
9.0.58-1
9.0.58-1ubuntu0.1
9.0.58-1ubuntu0.1+esm1
9.0.58-1ubuntu0.1+esm2
9.0.58-1ubuntu0.1+esm3
9.0.58-1ubuntu0.1+esm4
9.0.58-1ubuntu0.2
9.0.58-1ubuntu0.2+esm1
9.0.58-1ubuntu0.2+esm2
9.0.58-1ubuntu0.2+esm3
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat9-embed-java",
"binary_version": "9.0.58-1ubuntu0.2+esm3"
},
{
"binary_name": "libtomcat9-java",
"binary_version": "9.0.58-1ubuntu0.2+esm3"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "tomcat9"
},
{
"binary_name": "tomcat9-admin",
"binary_version": "9.0.58-1ubuntu0.2+esm3"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "tomcat9-common"
},
{
"binary_name": "tomcat9-docs",
"binary_version": "9.0.58-1ubuntu0.2+esm3"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "tomcat9-examples"
},
{
"binary_version": "9.0.58-1ubuntu0.2+esm3",
"binary_name": "tomcat9-user"
}
]
}Ubuntu:Pro:24.04:LTS
tomcat10
Package
- Name
- tomcat10
- Purl
- pkg:deb/ubuntu/tomcat10?arch=source&distro=esm-apps%2Fnoble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
10.*
10.1.10-1
10.1.14-1
10.1.15-1
10.1.16-1
10.1.16-1ubuntu0.1~esm1
10.1.16-1ubuntu0.1~esm2
10.1.16-1ubuntu0.1~esm3
Ecosystem specific
{
"binaries": [
{
"binary_name": "libtomcat10-embed-java",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "libtomcat10-java"
},
{
"binary_name": "tomcat10",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_name": "tomcat10-admin",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_version": "10.1.16-1ubuntu0.1~esm3",
"binary_name": "tomcat10-common"
},
{
"binary_name": "tomcat10-docs",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_name": "tomcat10-examples",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
},
{
"binary_name": "tomcat10-user",
"binary_version": "10.1.16-1ubuntu0.1~esm3"
}
]
}tomcat9
Package
- Name
- tomcat9
- Purl
- pkg:deb/ubuntu/tomcat9?arch=source&distro=esm-apps%2Fnoble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
9.*
9.0.70-1ubuntu1
9.0.70-2
9.0.70-2ubuntu0.1
9.0.70-2ubuntu0.1+esm1
9.0.70-2ubuntu0.1+esm2