| Summary: Xerox assessed DocuShare for Apache Tomcat CVE-2026-29146 and determined that DocuShare is not affected because this issue requires Tomcat clustering with EncryptInterceptor, and DocuShare does not use Tomcat clustering in the supported deployment model. |
Applies To
| DocuShare Release | Guidance |
| DocuShare 7.5 | No action required for the shipped configuration. |
| DocuShare 7.6 | No action required for the shipped configuration. |
| DocuShare 7.7 | No action required for the shipped configuration. |
| DocuShare 8.0 | No action required for the shipped configuration. |
Overview
CVE-2026-29146 is an Apache Tomcat EncryptInterceptor issue associated with clustered Tomcat deployments using CBC mode by default.
Xerox DocuShare reviewed the relevant deployment requirement and determined that the Tomcat clustering path required for this vulnerability is not part of a supported DocuShare installation.
What the Vulnerability Requires
The vulnerability depends on a Tomcat feature that is not used in the supported DocuShare model.
- Tomcat in the affected version range for the EncryptInterceptor issue.
- Tomcat clustering enabled.
- EncryptInterceptor configured on the cluster path in the vulnerable mode.
DocuShare Assessment
| Assessment Item | Finding |
| Tomcat clustering in supported DocuShare deployment | Not used |
| EncryptInterceptor code path for DocuShare traffic | Not exercised |
| Customer guidance | Standard DocuShare deployments are not affected |
| Important: If your organization has implemented custom Tomcat clustering outside the supported Xerox deployment model, that customization should be reviewed separately because it is not the standard DocuShare architecture. |
What You Should Do
- No action is required for the supported Xerox DocuShare deployment model.
- If you have introduced Tomcat clustering as a custom architecture decision, review that configuration carefully.
- Do not assume that a Tomcat version change alone determines exposure for this CVE; the clustering feature requirement is the controlling factor.