Bug 2457025 (CVE-2026-32990) - CVE-2026-32990 Apache Tomcat: Apache Tomcat: Improper Input Validation vulnerability due to incomplete fix
Keywords:
Status: NEW
Alias: CVE-2026-32990
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2457231
Blocks:
Reported: 2026-04-09 20:01 UTC by OSIDB Bzimport
Modified: 2026-04-30 13:59 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:




Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata | RHSA-2026:12194 | 0 | None | None | None | 2026-04-30 13:59:50 UTC
Red Hat Product Errata | RHSA-2026:12195 | 0 | None | None | None | 2026-04-30 13:58:32 UTC

Description OSIDB Bzimport 2026-04-09 20:01:42 UTC
Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614.

This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115.

Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue.

Comment 3 errata-xmlrpc 2026-04-30 13:58:30 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server 6.2.2

Via RHSA-2026:12195 https://access.redhat.com/errata/RHSA-2026:12195

Comment 4 errata-xmlrpc 2026-04-30 13:59:49 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server 6.2 on RHEL 10
  Red Hat JBoss Web Server 6.2 on RHEL 8
  Red Hat JBoss Web Server 6.2 on RHEL 9

Via RHSA-2026:12194 https://access.redhat.com/errata/RHSA-2026:12194

