Tomcat patches CBC padding oracle in EncryptInterceptor

1 min readPublished 09 Apr 2026Source: Openwall (oss-security mailing list)

CVE-2026-29146 News Java Web Security Cryptography

TL;DR — Tomcat’s clustering EncryptInterceptor used CBC by default, creating a padding-oracle exposure; if you rely on encrypted cluster traffic, review configs and follow Tomcat’s upgrade guidance.

What happened

Apache Tomcat is a widely deployed Java servlet container used to run web applications and APIs. An oss-security advisory discloses CVE-2026-29146 as an important issue: Tomcat’s clustering EncryptInterceptor used CBC by default, which is vulnerable to padding oracle attacks when running with the default configuration.

Item	Source value
Affected component	Tomcat clustering `EncryptInterceptor`
Issue	CBC default is vulnerable to padding oracle attack
Severity	`important`
Affected versions (advisory)	Tomcat `11.0.0-M1` through `11.0.18`; `10.0.0-M1` through `10.1.52`; `9.0.13` through `9.0.115`; `8.5.38` through `8.5.100`; `7.0.100` through `7.0.109`

Padding oracle issues are a recurring class of cryptographic footgun because they often only need a small “oracle” signal (padding-valid vs padding-invalid) to turn ciphertext into a decryption/tampering primitive in real deployments.

Who is impacted

Tomcat deployments using the clustering EncryptInterceptor with default configuration.
Operators running versions called out in the advisory:
- 11.0.0-M1 through 11.0.18
- 10.0.0-M1 through 10.1.52
- 9.0.13 through 9.0.115
- 8.5.38 through 8.5.100
- 7.0.100 through 7.0.109
Environments where attackers can potentially influence or observe encrypted cluster traffic are typically higher-risk for padding-oracle classes of cryptographic weakness.

What to do now

Follow vendor remediation guidance and apply the latest patched release available at the time of writing.

"Users are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue."
Inventory where clustering is enabled and where EncryptInterceptor is configured (especially any production clusters spanning untrusted network boundaries).
Validate downstream patch selection against Tomcat’s current security pages for your major line (for example: https://tomcat.apache.org/security-11.html, https://tomcat.apache.org/security-10.html, https://tomcat.apache.org/security-9.html) in case additional release/branch notes affect what you can actually deploy.
If you suspect exposure or manipulation of cluster traffic, treat this as a crypto-control failure and review cluster network controls and secrets accessible to the Tomcat processes involved.

Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.