DEBIAN-CVE-2026-32990
PUBLISHED
CVSS 5.3 MEDIUM
Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.
Risk Scores
CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:11 | tomcat9 | 9.0.63-1, 9.0.54-1, 9.0.55-1 |
| Debian:14 | tomcat11 | 11.0.6-1, 0, 11.0.15-1 |
| Debian:12 | tomcat10 | *, 10.1.52-1~deb12u1, 10.1.52-1~deb13u1 |
| Debian:13 | tomcat11 | 11.0.18-1, 11.0.21-1, 11.0.6-1 |
| Debian:14 | tomcat9 | 0, 0 |
| Debian:13 | tomcat10 | 0, 10.1.40-1, 10.1.46-1 |
| Debian:12 | tomcat9 | 0, 0 |
| Debian:13 | tomcat9 | 0, 0 |
| Debian:14 | tomcat10 | 10.1.52-1, 10.1.52-1, 10.1.52-1 |
Exploit Intelligence
- CVE-2026-32990.yml (github-poc)
- suppressions.xml (github-poc)
Timeline
- Apr 9, 2026 CVE Published
- Apr 28, 2026 CVE Updated