Home

Description

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.

PUBLISHED Reserved 2026-03-17 | Published 2026-04-09 | Updated 2026-04-10 | Assigner apache

Problem types

CWE-20 Improper Input Validation

Product status

Default status
unaffected

11.0.15 (semver)
affected

10.1.50 (semver)
affected

9.0.113 (semver)
affected

Credits

zhengg finder

References

lists.apache.org/thread/1nl9zqft0ksqlhlkd3j4obyjz1ghoyn7 vendor-advisory

cve.org (CVE-2026-32990)

nvd.nist.gov (CVE-2026-32990)

Download JSON