MEDIUM 5.3 Maven
Apache Tomcat has an Improper Input Validation vulnerability
GHSA-8mc5-53m5-3qj2 · BIT-tomcat-2026-32990 · CVE-2026-32990
Published · Modified
Description
Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.
This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.
Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.
References
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-32990
- WEB https://github.com/apache/tomcat/commit/021d1f833e38b683a44688f7b28f1f27e8e37c36
- WEB https://github.com/apache/tomcat/commit/4d0615a5c718c260d6d4e0b944a050f09a490c02
- WEB https://github.com/apache/tomcat/commit/95f7778248cac46d03e6af04de9c72a598be3a53
- PACKAGE https://github.com/apache/tomcat
- WEB https://lists.apache.org/thread/1nl9zqft0ksqlhlkd3j4obyjz1ghoyn7
- WEB https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.53
- WEB https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.20
- WEB https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.116
- WEB https://www.herodevs.com/vulnerability-directory/cve-2026-32990
Ready to move
Start Securing
Free, no credit card | First findings in minutes