Improper Input Validation in Apache Tomcat Affects Multiple Versions
CVE-2026-32990

5.3MEDIUM

Key Information:

Vendor: Apache
Status: Apache Tomcat
Vendor: CVE Published:; 9 April 2026

What is CVE-2026-32990?

The vulnerability involves an improper input validation issue in Apache Tomcat, resulting from an incomplete fix of a prior vulnerability. This imperfection allows adversaries to potentially exploit the flaw, affecting users running versions 11.0.15 through 11.0.19, 10.1.50 through 10.1.52, and 9.0.113 through 9.0.115. Users are advised to upgrade to the latest versions (11.0.20, 10.1.53, or 9.0.116) to secure their systems against possible attacks.

Affected Version(s)

Apache Tomcat 11.0.15 <= 11.0.19

Apache Tomcat 10.1.50 <= 10.1.52

Apache Tomcat 9.0.113 <= 9.0.115

References

https://lists.apache.org/thread/1nl9zqft0ksqlhlkd3j4obyjz...

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2026
Vulnerability Reserved
Mar 17, 2026

Credit

zhengg

CVE-2026-32990 Data

JSON