topic ESRI Enterprise Vulnerability for Tomcat - CVE-2026-29146 in ArcGIS Enterprise Questions https://community.esri.com/t5/arcgis-enterprise-questions/esri-enterprise-vulnerability-for-tomcat-cve-2026/m-p/1698901#M44109 <P>Greetings All,</P><P>we have received multiple alerts from Cybersecurity Team for the -&nbsp;<STRONG>CVE-2026-29146, </STRONG>tomcat software present in almost all the Esri Enterprise Products. 11.3 and 11.5 installations of ArcGIS Server and ArcGIS Portal, ArcGIS Data Store. I am unable to find any ESRI Patch or Document stating the vulnerability mitigation patch or the affect of this vulnerability to ESRI Enterprise Software Suite.</P><P>&nbsp;</P><TABLE width="1857"><TBODY><TR><TD width="64">SoftwareName</TD><TD width="64">SoftwareVersion</TD><TD width="103">CveId</TD><TD width="1626">EvidencePaths</TD></TR><TR><TD>tomcat</TD><TD>9.0.84.0</TD><TD>CVE-2026-29146</TD><TD>["c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"]</TD></TR><TR><TD>tomcat</TD><TD>9.0.84.0</TD><TD>CVE-2026-29146</TD><TD>["c:\\program files\\arcgis\\datastore\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar","c:\\program files\\arcgis\\portal\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar","c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"]</TD></TR><TR><TD>tomcat</TD><TD>10.1.34.0</TD><TD>CVE-2026-29146</TD><TD>["c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"]</TD></TR><TR><TD>tomcat</TD><TD>10.1.34.0</TD><TD>CVE-2026-29146</TD><TD>["c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"]</TD></TR><TR><TD>tomcat</TD><TD>10.1.34.0</TD><TD>CVE-2026-29146</TD><TD>["c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"]</TD></TR><TR><TD>tomcat</TD><TD>10.1.34.0</TD><TD>CVE-2026-29146</TD><TD>["c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"]</TD></TR><TR><TD>tomcat</TD><TD>9.0.84.0</TD><TD>CVE-2026-29146</TD><TD>["c:\\program files\\arcgis\\datastore\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar","c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"]</TD></TR><TR><TD>tomcat</TD><TD>9.0.62.0</TD><TD>CVE-2026-29146</TD><TD>["c:\\program files\\arcgis\\datastore\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar","c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"]</TD></TR></TBODY></TABLE> Wed, 29 Apr 2026 05:52:04 GMT vipulsoni 2026-04-29T05:52:04Z ESRI Enterprise Vulnerability for Tomcat - CVE-2026-29146 https://community.esri.com/t5/arcgis-enterprise-questions/esri-enterprise-vulnerability-for-tomcat-cve-2026/m-p/1698901#M44109 <P>Greetings All,</P><P>we have received multiple alerts from Cybersecurity Team for the -&nbsp;<STRONG>CVE-2026-29146, </STRONG>tomcat software present in almost all the Esri Enterprise Products. 11.3 and 11.5 installations of ArcGIS Server and ArcGIS Portal, ArcGIS Data Store. I am unable to find any ESRI Patch or Document stating the vulnerability mitigation patch or the affect of this vulnerability to ESRI Enterprise Software Suite.</P><P>&nbsp;</P><TABLE width="1857"><TBODY><TR><TD width="64">SoftwareName</TD><TD width="64">SoftwareVersion</TD><TD width="103">CveId</TD><TD width="1626">EvidencePaths</TD></TR><TR><TD>tomcat</TD><TD>9.0.84.0</TD><TD>CVE-2026-29146</TD><TD>["c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"]</TD></TR><TR><TD>tomcat</TD><TD>9.0.84.0</TD><TD>CVE-2026-29146</TD><TD>["c:\\program files\\arcgis\\datastore\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar","c:\\program files\\arcgis\\portal\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar","c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"]</TD></TR><TR><TD>tomcat</TD><TD>10.1.34.0</TD><TD>CVE-2026-29146</TD><TD>["c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"]</TD></TR><TR><TD>tomcat</TD><TD>10.1.34.0</TD><TD>CVE-2026-29146</TD><TD>["c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"]</TD></TR><TR><TD>tomcat</TD><TD>10.1.34.0</TD><TD>CVE-2026-29146</TD><TD>["c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"]</TD></TR><TR><TD>tomcat</TD><TD>10.1.34.0</TD><TD>CVE-2026-29146</TD><TD>["c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"]</TD></TR><TR><TD>tomcat</TD><TD>9.0.84.0</TD><TD>CVE-2026-29146</TD><TD>["c:\\program files\\arcgis\\datastore\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar","c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"]</TD></TR><TR><TD>tomcat</TD><TD>9.0.62.0</TD><TD>CVE-2026-29146</TD><TD>["c:\\program files\\arcgis\\datastore\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar","c:\\program files\\arcgis\\server\\framework\\runtime\\tomcat\\bin\\tomcat-juli.jar"]</TD></TR></TBODY></TABLE> Wed, 29 Apr 2026 05:52:04 GMT https://community.esri.com/t5/arcgis-enterprise-questions/esri-enterprise-vulnerability-for-tomcat-cve-2026/m-p/1698901#M44109 vipulsoni 2026-04-29T05:52:04Z