PT-2026-31702 · Apache · Apache Tomcat

Zhengg

Published

2026-03-23

Updated

2026-04-24

CVE-2026-32990

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.15 through 11.0.19 Apache Tomcat versions 10.1.50 through 10.1.52 Apache Tomcat versions 9.0.113 through 9.0.115

Description Improper Input Validation occurs due to an incomplete fix of a previous security issue.

Recommendations Upgrade versions 11.0.15 through 11.0.19 to 11.0.20. Upgrade versions 10.1.50 through 10.1.52 to 10.1.53. Upgrade versions 9.0.113 through 9.0.115 to 9.0.116.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BIT-TOMCAT-2026-32990

CVE-2026-32990

GHSA-8MC5-53M5-3QJ2

MGASA-2026-0095

OESA-2026-1970

OPENSUSE-SU-2026:10547-1

OPENSUSE-SU-2026:10548-1

OPENSUSE-SU-2026:10549-1

OPENSUSE-SU-2026:20595-1

OPENSUSE-SU-2026:20611-1

OPENSUSE-SU-2026:20612-1

SUSE-SU-2026:1558-1

SUSE-SU-2026:1572-1

SUSE-SU-2026:1603-1

SUSE-SU-2026:1604-1

Affected Products

Apache Tomcat

PT-2026-31702 · Apache · Apache Tomcat

CVE-2026-32990

Weakness Enumeration

Related Identifiers

Affected Products

References · 80