VDB

DEBIAN-CVE-2026-32990

DEBIAN-CVE-2026-32990 PUBLISHED CVSS 5.300000190734863 MEDIUM

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.

Risk Scores

CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Products

VendorProductVersions
Debian:11tomcat99.0.63-1, 9.0.54-1, 9.0.55-1
Debian:14tomcat1111.0.6-1, 0, 11.0.15-1
Debian:12tomcat10*, 10.1.52-1~deb12u1, 10.1.52-1~deb13u1
Debian:13tomcat1111.0.18-1, 11.0.21-1, 11.0.6-1
Debian:14tomcat90, 0
Debian:13tomcat100, 10.1.40-1, 10.1.46-1
Debian:12tomcat90, 0
Debian:13tomcat90, 0
Debian:14tomcat1010.1.52-1, 10.1.52-1, 10.1.52-1

Exploit Intelligence

Timeline

  • Apr 9, 2026 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›