CVE-2026-32990

EPSS 0.21%
Veröffentlicht 09.04.2026 20:16:24
Zuletzt bearbeitet 14.04.2026 12:47:51
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Tomcat: Fix for CVE-2025-66614 is incomplete

Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.

This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.

Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Tomcat Version >= 9.0.113 < 9.0.116

Apache ≫ Tomcat Version >= 10.1.50 < 10.1.53

Apache ≫ Tomcat Version >= 11.0.15 < 11.0.20

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.21%	0.429

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.apache.org/thread/1nl9zqft0ksqlhlkd3j4obyjz1ghoyn7

Vendor Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2026-32990

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-32990

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-32990

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-32990