CVE-2026-32990 — MEDIUM (5.3)

Q: How severe is CVE-2026-32990?

CVE-2026-32990 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-32990?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.

Vulnerability Description

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Tomcat	>= 9.0.113, < 9.0.116

Related Weaknesses (CWE)

CWE-20

References

https://lists.apache.org/thread/1nl9zqft0ksqlhlkd3j4obyjz1ghoyn7Mailing ListVendor Advisory

FAQ

What is CVE-2026-32990?

CVE-2026-32990 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from...

How severe is CVE-2026-32990?

CVE-2026-32990 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-32990?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.