0--catalina.jar00-/usr/local/tomcat/lib/catalina.jarFALLBACK-2bda82fb11CVE-2026-34500: LanguageSpecificPackageVulnerability CLIENT_CERT authentication does not fail as expected for some scenario ... For additional help see: **Vulnerability CVE-2026-34500** | Severity | Package | Fixed Version | Link | | --- | --- | --- | --- | |MEDIUM|org.apache.tomcat:tomcat-catalina|9.0.117, 10.1.54, 11.0.21|[CVE-2026-34500](https://avd.aquasec.com/nvd/cve-2026-34500)| CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue. Package: org.apache.tomcat:tomcat-catalina Installed Version: 9.0.115 Vulnerability CVE-2026-34500 Severity: MEDIUM Fixed Version: 9.0.117, 10.1.54, 11.0.21 Link: [CVE-2026-34500](https://avd.aquasec.com/nvd/cve-2026-34500)trivyTrivy Security Scanner-1398NORMALcatalina.jar(1,0): CVE-2026-34500: : CVE-2026-34500: LanguageSpecificPackageVulnerability CLIENT_CERT authentication does not fail as expected for some scenario ... For additional help see: **Vulnerability CVE-2026-34500** | Severity | Package | Fixed Version | Link | | --- | --- | --- | --- | |MEDIUM|org.apache.tomcat:tomcat-catalina|9.0.117, 10.1.54, 11.0.21|[CVE-2026-34500](https://avd.aquasec.com/nvd/cve-2026-34500)| CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue. Package: org.apache.tomcat:tomcat-catalina Installed Version: 9.0.115 Vulnerability CVE-2026-34500 Severity: MEDIUM Fixed Version: 9.0.117, 10.1.54, 11.0.21 Link: [CVE-2026-34500](https://avd.aquasec.com/nvd/cve-2026-34500)CVE-2026-3450011 warning (normal: 1)