Apache Tika Vulnerability Allows Information Disclosure or Manipulation

72% confidence

Description

A remote, anonymous attacker can exploit a vulnerability in Apache Tika to read sensitive data or trigger malicious requests to internal resources or third-party servers. [Auto-archived: reprocess_no_remaining_articles — 2026-04-16T12:11:35.631Z]

Affected Products

Vendor	Product	Versions
apache	apache tika	—

Related News (1 articles)

Tier B

BSI Advisories4d ago

[UPDATE] [hoch] Apache Tika: Schwachstelle ermöglicht Infogewinn oder Manipulation

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

CWECWE-200, CWE-918

PublishedApr 15, 2026

Last enriched4d ago

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-34197EXPKEV

Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans

Trending: 116

NONECVE-2026-31987EXP

Apache Airflow: JWT token appearing in logs

Trending: 46

HIGHCVE-2026-35554EXP

Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition

Trending: 39

MEDIUMCVE-2026-34479EXP

Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters

Trending: 39

MEDIUMCVE-2026-34480EXP

Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters

Trending: 39

Pin to Dashboard

Verification

State: archived

Confidence: 72%

Vulnerability Timeline

CVE Published

Apr 15, 2026

Discovered by ZDM

Apr 15, 2026