CVE-2026-32990

Summary

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.

This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.

Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Tomcat11.0.15 <= 11.0.19affected
Apache Software FoundationApache Tomcat10.1.50 <= 10.1.52affected
Apache Software FoundationApache Tomcat9.0.113 <= 9.0.115affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References