Improper Input Validation in Apache Tomcat Affects Multiple Versions
CVE-2026-32990

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Tomcat
Vendor: CVE Published:; 9 April 2026

What is CVE-2026-32990?

The vulnerability involves an improper input validation issue in Apache Tomcat, resulting from an incomplete fix of a prior vulnerability. This imperfection allows adversaries to potentially exploit the flaw, affecting users running versions 11.0.15 through 11.0.19, 10.1.50 through 10.1.52, and 9.0.113 through 9.0.115. Users are advised to upgrade to the latest versions (11.0.20, 10.1.53, or 9.0.116) to secure their systems against possible attacks.

Affected Version(s)

Apache Tomcat 11.0.15 <= 11.0.19

Apache Tomcat 10.1.50 <= 10.1.52

Apache Tomcat 9.0.113 <= 9.0.115

References

https://lists.apache.org/thread/1nl9zqft0ksqlhlkd3j4obyjz...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Mar 17, 2026

Credit

zhengg

CVE-2026-32990 Data

JSON