Refine your search
46 vulnerabilities found for Spring Framework by Spring
CVE-2026-41855 (GCVE-0-2026-41855)
Vulnerability from cvelistv5
Published
2026-06-09 03:51
Modified
2026-06-09 13:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Summary
In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized actions via gadget class deserialization.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 7.0.0 < 7.0.8 Version: 6.2.0 < 6.2.19 Version: 6.1.0 < 6.1.28 Version: 5.3.0 < 5.3.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41855",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:24:35.414299Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:24:50.073Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.2.19",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThan": "6.1.28",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "5.3.49",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized actions via gadget class deserialization.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"value": "In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized actions via gadget class deserialization.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "In an untrusted JMS environment, MappingJackson2MessageConverter and JacksonJsonMessageConverter allow arbitrary class instantiation via gadget class deserialization, potentially leading to unauthorized actions."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:51:57.287Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41855"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Unsafe Deserialization via Jackson JMS Converters",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41855",
"datePublished": "2026-06-09T03:51:57.287Z",
"dateReserved": "2026-04-22T06:22:10.081Z",
"dateUpdated": "2026-06-09T13:24:50.073Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41854 (GCVE-0-2026-41854)
Vulnerability from cvelistv5
Published
2026-06-09 03:51
Modified
2026-06-09 13:25
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Summary
Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 7.0.0 < 7.0.8 Version: 6.2.0 < 6.2.19 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:25:04.895135Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:25:15.484Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.2.19",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18."
}
],
"value": "Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Incorrect host parsing in UriComponentsBuilder allows an attacker to supply an externally provided URL string that bypasses validation, resulting in a server-side request forgery attack."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:51:49.021Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41854"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Server-Side Request Forgery via UriComponentsBuilder",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41854",
"datePublished": "2026-06-09T03:51:49.021Z",
"dateReserved": "2026-04-22T06:22:10.081Z",
"dateUpdated": "2026-06-09T13:25:15.484Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41853 (GCVE-0-2026-41853)
Vulnerability from cvelistv5
Published
2026-06-09 03:51
Modified
2026-06-09 13:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-444 - Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling)
Summary
Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 7.0.0 < 7.0.8 Version: 6.2.0 < 6.2.19 Version: 6.1.0 < 6.1.28 Version: 5.3.0 < 5.3.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41853",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:22:10.822220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:23:36.844Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.2.19",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThan": "6.1.28",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "5.3.49",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"value": "Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker can send malicious multipart requests that are parsed differently by the application versus its WAF or proxy, bypassing security checks in applications that accept multipart requests."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-444",
"description": "CWE-444: Inconsistent Interpretation of HTTP Requests (HTTP Request/Response Smuggling)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:51:44.875Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41853"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41853",
"datePublished": "2026-06-09T03:51:44.875Z",
"dateReserved": "2026-04-22T06:22:08.200Z",
"dateUpdated": "2026-06-09T13:23:36.844Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41852 (GCVE-0-2026-41852)
Vulnerability from cvelistv5
Published
2026-06-09 03:51
Modified
2026-06-09 13:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-863 - Incorrect Authorization
Summary
A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 7.0.0 < 7.0.8 Version: 6.2.0 < 6.2.19 Version: 6.1.0 < 6.1.28 Version: 5.3.0 < 5.3.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41852",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:38:34.698992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:38:43.642Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.2.19",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThan": "6.1.28",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "5.3.49",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"value": "A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker who can supply user-controlled SpEL expressions can invoke arbitrary zero-argument methods even within restricted or read-only SpEL contexts, potentially triggering unintended application logic."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:51:39.908Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41852"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Arbitrary Method Invocation in SpEL Expressions",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41852",
"datePublished": "2026-06-09T03:51:39.908Z",
"dateReserved": "2026-04-22T06:22:08.200Z",
"dateUpdated": "2026-06-09T13:38:43.642Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41851 (GCVE-0-2026-41851)
Vulnerability from cvelistv5
Published
2026-06-09 03:51
Modified
2026-06-09 13:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Summary
Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack if the evaluation of a SpEL expression triggers unbounded cache growth.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 7.0.0 < 7.0.8 Version: 6.2.0 < 6.2.19 Version: 6.1.0 < 6.1.28 Version: 5.3.0 < 5.3.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:34:51.694460Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:34:58.008Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.2.19",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThan": "6.1.28",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "5.3.49",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack if the evaluation of a SpEL expression triggers unbounded cache growth.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"value": "Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack if the evaluation of a SpEL expression triggers unbounded cache growth.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker who can supply user-controlled SpEL expressions to an application that caches parsed expressions can cause unbounded cache growth, resulting in memory exhaustion and denial of service."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:51:32.074Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41851"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Denial of Service via Unbounded Cache in SpEL",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41851",
"datePublished": "2026-06-09T03:51:32.074Z",
"dateReserved": "2026-04-22T06:22:08.200Z",
"dateUpdated": "2026-06-09T13:34:58.008Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41850 (GCVE-0-2026-41850)
Vulnerability from cvelistv5
Published
2026-06-09 03:51
Modified
2026-06-09 13:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-407 - Inefficient Algorithmic Complexity
Summary
Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or unavailability.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 7.0.0 < 7.0.8 Version: 6.2.0 < 6.2.19 Version: 6.1.0 < 6.1.28 Version: 5.3.0 < 5.3.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41850",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:34:30.887287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:34:37.847Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.2.19",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThan": "6.1.28",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "5.3.49",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or unavailability.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"value": "Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or unavailability.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker who can supply user-controlled SpEL expressions can provide a specially crafted expression that triggers excessive resource consumption during evaluation, leading to application degradation or unavailability."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-407",
"description": "CWE-407: Inefficient Algorithmic Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:51:22.479Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41850"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Algorithmic Denial of Service via SpEL Expressions",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41850",
"datePublished": "2026-06-09T03:51:22.479Z",
"dateReserved": "2026-04-22T06:22:08.200Z",
"dateUpdated": "2026-06-09T13:34:37.847Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41849 (GCVE-0-2026-41849)
Vulnerability from cvelistv5
Published
2026-06-09 03:51
Modified
2026-06-09 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Summary
An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service (DoS).
Affected versions:
Spring Framework 5.3.0 through 5.3.48.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 5.3.0 < 5.3.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:32:54.979277Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:33:03.542Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "5.3.49",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service (DoS).\n\nAffected versions:\nSpring Framework 5.3.0 through 5.3.48."
}
],
"value": "An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service (DoS).\n\nAffected versions:\nSpring Framework 5.3.0 through 5.3.48."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker who can supply user-controlled SpEL expressions can trigger an integer overflow in the evaluation logic, causing excessive resource consumption and denial of service."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:51:17.283Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41849"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Denial of Service via Integer Overflow in SpEL Expressions",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41849",
"datePublished": "2026-06-09T03:51:17.283Z",
"dateReserved": "2026-04-22T06:22:08.200Z",
"dateUpdated": "2026-06-09T13:33:03.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41848 (GCVE-0-2026-41848)
Vulnerability from cvelistv5
Published
2026-06-09 03:51
Modified
2026-06-09 13:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1333 - Inefficient Regular Expression Complexity
Summary
Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: match(String pattern, String path), matchStart(String pattern, String path), extractUriTemplateVariables(String pattern, String path).
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 7.0.0 < 7.0.8 Version: 6.2.0 < 6.2.19 Version: 6.1.0 < 6.1.28 Version: 5.3.0 < 5.3.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41848",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:34:06.523315Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:34:15.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.2.19",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThan": "6.1.28",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "5.3.49",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: match(String pattern, String path), matchStart(String pattern, String path), extractUriTemplateVariables(String pattern, String path).\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"value": "Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: match(String pattern, String path), matchStart(String pattern, String path), extractUriTemplateVariables(String pattern, String path).\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker who can supply a pattern to AntPathMatcher.match(), matchStart(), or extractUriTemplateVariables() can trigger a Regular Expression Denial of Service (ReDoS) leading to excessive resource consumption."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:51:12.801Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41848"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Denial of Service via AntPathMatcher",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41848",
"datePublished": "2026-06-09T03:51:12.801Z",
"dateReserved": "2026-04-22T06:22:08.200Z",
"dateUpdated": "2026-06-09T13:34:15.339Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41847 (GCVE-0-2026-41847)
Vulnerability from cvelistv5
Published
2026-06-09 03:51
Modified
2026-06-09 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL.
Affected versions:
Spring Framework 5.3.0 through 5.3.48.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 5.3.0 < 5.3.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41847",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:33:48.567067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:33:56.075Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "5.3.49",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL.\n\nAffected versions:\nSpring Framework 5.3.0 through 5.3.48."
}
],
"value": "Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL.\n\nAffected versions:\nSpring Framework 5.3.0 through 5.3.48."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Security-related modifications applied to a ServerRequest by a filter in the WebFlux Kotlin Router DSL are silently discarded, causing security enrichment to have no effect and allowing security bypass."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:51:03.298Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41847"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Security Filter Bypass in WebFlux Kotlin Router DSL",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41847",
"datePublished": "2026-06-09T03:51:03.298Z",
"dateReserved": "2026-04-22T06:22:08.200Z",
"dateUpdated": "2026-06-09T13:33:56.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41846 (GCVE-0-2026-41846)
Vulnerability from cvelistv5
Published
2026-06-09 03:50
Modified
2026-06-09 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Summary
Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting (XSS) vulnerability.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 7.0.0 < 7.0.8 Version: 6.2.0 < 6.2.19 Version: 6.1.0 < 6.1.28 Version: 5.3.0 < 5.3.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41846",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:33:32.578842Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:33:38.978Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.2.19",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThan": "6.1.28",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "5.3.49",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting (XSS) vulnerability.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"value": "Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting (XSS) vulnerability.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Spring MVC applications that accept user-supplied values in JSP form tag CSS attributes allow arbitrary HTML and JavaScript code injection, potentially resulting in a cross-site scripting vulnerability."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:50:56.840Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41846"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Cross-site Scripting via JSP Form Tags",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41846",
"datePublished": "2026-06-09T03:50:56.840Z",
"dateReserved": "2026-04-22T06:22:08.200Z",
"dateUpdated": "2026-06-09T13:33:38.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41845 (GCVE-0-2026-41845)
Vulnerability from cvelistv5
Published
2026-06-09 03:50
Modified
2026-06-09 13:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)
Summary
Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting (XSS) vulnerability.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 7.0.0 < 7.0.8 Version: 6.2.0 < 6.2.19 Version: 6.1.0 < 6.1.28 Version: 5.3.0 < 5.3.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41845",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:33:16.137910Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:33:23.346Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.2.19",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThan": "6.1.28",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "5.3.49",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting (XSS) vulnerability.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"value": "Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting (XSS) vulnerability.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Incorrect escaping in JavaScriptUtils.javaScriptEscape() allows an attacker to inject arbitrary JavaScript code into the browser, resulting in a stored or reflected cross-site scripting vulnerability."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:50:48.454Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41845"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Cross-site Scripting via JavaScriptUtils",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41845",
"datePublished": "2026-06-09T03:50:48.454Z",
"dateReserved": "2026-04-22T06:22:08.200Z",
"dateUpdated": "2026-06-09T13:33:23.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41844 (GCVE-0-2026-41844)
Vulnerability from cvelistv5
Published
2026-06-09 03:50
Modified
2026-06-09 13:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-601 - URL Redirection to Untrusted Site (Open Redirect)
Summary
A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 7.0.0 < 7.0.8 Version: 6.2.0 < 6.2.19 Version: 6.1.0 < 6.1.28 Version: 5.3.0 < 5.3.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41844",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:31:22.517177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:31:29.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.2.19",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThan": "6.1.28",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "5.3.49",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Spring MVC or Spring WebFlux application which configures a mapping for \"/**\" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"value": "A Spring MVC or Spring WebFlux application which configures a mapping for \"/**\" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker can craft a URL that causes a 302 redirect to an arbitrary external host or an internal forward via the redirect: or forward: prefixes in Spring MVC and WebFlux wildcard mappings."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601: URL Redirection to Untrusted Site (Open Redirect)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:50:39.340Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41844"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Open Redirect in Spring MVC and WebFlux",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41844",
"datePublished": "2026-06-09T03:50:39.340Z",
"dateReserved": "2026-04-22T06:22:08.199Z",
"dateUpdated": "2026-06-09T13:31:29.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41843 (GCVE-0-2026-41843)
Vulnerability from cvelistv5
Published
2026-06-09 03:50
Modified
2026-06-09 13:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
Summary
Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 7.0.0 < 7.0.8 Version: 6.2.0 < 6.2.19 Version: 6.1.0 < 6.1.28 Version: 5.3.0 < 5.3.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41843",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:32:26.703629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:32:33.706Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.2.19",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThan": "6.1.28",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "5.3.49",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"value": "Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker with knowledge of resource metadata can send malicious requests to resolve files outside the configured resource locations via path traversal in versioned static resource handling."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:50:34.480Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41843"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41843",
"datePublished": "2026-06-09T03:50:34.480Z",
"dateReserved": "2026-04-22T06:22:01.123Z",
"dateUpdated": "2026-06-09T13:32:33.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41842 (GCVE-0-2026-41842)
Vulnerability from cvelistv5
Published
2026-06-09 03:50
Modified
2026-06-09 13:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 7.0.0 < 7.0.8 Version: 6.2.0 < 6.2.19 Version: 6.1.0 < 6.1.28 Version: 5.3.0 < 5.3.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41842",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:32:03.941876Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:32:11.863Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.2.19",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThan": "6.1.28",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "5.3.49",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"value": "Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker can send malicious requests targeting versioned static resources that are slow to resolve, exhausting HTTP connections and causing denial of service."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:50:29.899Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41842"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41842",
"datePublished": "2026-06-09T03:50:29.899Z",
"dateReserved": "2026-04-22T06:22:01.123Z",
"dateUpdated": "2026-06-09T13:32:11.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41841 (GCVE-0-2026-41841)
Vulnerability from cvelistv5
Published
2026-06-09 03:50
Modified
2026-06-09 13:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-524 - Use of Cache-Containing Sensitive Information to Aid in Security Bypass
Summary
Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 7.0.0 < 7.0.8 Version: 6.2.0 < 6.2.19 Version: 6.1.0 < 6.1.28 Version: 5.3.0 < 5.3.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:31:40.600918Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:31:49.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.2.19",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThan": "6.1.28",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "5.3.49",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"value": "Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker can access a protected static resource by exploiting a shared resource cache that first resolved and cached a publicly available resource with the same name, bypassing authentication controls."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-524",
"description": "CWE-524: Use of Cache-Containing Sensitive Information to Aid in Security Bypass",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:50:20.843Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41841"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41841",
"datePublished": "2026-06-09T03:50:20.843Z",
"dateReserved": "2026-04-22T06:22:01.123Z",
"dateUpdated": "2026-06-09T13:31:49.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41840 (GCVE-0-2026-41840)
Vulnerability from cvelistv5
Published
2026-06-09 03:50
Modified
2026-06-09 13:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 7.0.0 < 7.0.8 Version: 6.2.0 < 6.2.19 Version: 6.1.0 < 6.1.28 Version: 5.3.0 < 5.3.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41840",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:31:02.488493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:31:11.330Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.2.19",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThan": "6.1.28",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "5.3.49",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"value": "Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "An attacker can send malicious multipart requests to a Spring WebFlux application to cause memory leaks, potentially leading to denial of service."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:50:15.174Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41840"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Denial of Service via Multipart Requests in WebFlux",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41840",
"datePublished": "2026-06-09T03:50:15.174Z",
"dateReserved": "2026-04-22T06:22:01.123Z",
"dateUpdated": "2026-06-09T13:31:11.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41839 (GCVE-0-2026-41839)
Vulnerability from cvelistv5
Published
2026-06-09 03:49
Modified
2026-06-09 13:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-384 - Session Fixation
Summary
A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 7.0.0 < 7.0.8 Version: 6.2.0 < 6.2.19 Version: 6.1.0 < 6.1.28 Version: 5.3.0 < 5.3.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41839",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:30:25.839375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:30:34.473Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.2.19",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThan": "6.1.28",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "5.3.49",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"value": "A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "A WebFlux application with a compromised subdomain is vulnerable to a session fixation escalation attack that allows an attacker to exchange a known session ID for that of an authenticated user."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384: Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:49:52.381Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41839"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Escalation via Session Fixation in WebFlux",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41839",
"datePublished": "2026-06-09T03:49:52.381Z",
"dateReserved": "2026-04-22T06:22:01.123Z",
"dateUpdated": "2026-06-09T13:30:34.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41838 (GCVE-0-2026-41838)
Vulnerability from cvelistv5
Published
2026-06-09 03:49
Modified
2026-06-09 13:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-330 - Use of Insufficiently Random Values
Summary
IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules.
Affected versions:
Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 7.0.0 < 7.0.8 Version: 6.2.0 < 6.2.19 Version: 6.1.0 < 6.1.28 Version: 5.3.0 < 5.3.49 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41838",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-09T13:39:36.187494Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T13:39:43.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThan": "7.0.8",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThan": "6.2.19",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThan": "6.1.28",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThan": "5.3.49",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"value": "IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules.\n\nAffected versions:\nSpring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Predictable WebSocket session IDs in the spring-websocket module may allow an attacker to hijack sessions when combined with inadequate authorization rules, leading to unauthorized access."
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-09T03:49:15.933Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-41838"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Predictable Session ID in WebSocket Module",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-41838",
"datePublished": "2026-06-09T03:49:15.933Z",
"dateReserved": "2026-04-22T06:22:01.122Z",
"dateUpdated": "2026-06-09T13:39:43.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22737 (GCVE-0-2026-22737)
Vulnerability from cvelistv5
Published
2026-03-19 23:53
Modified
2026-03-20 14:43
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 7.0.0 < Version: 6.2.0 < Version: 6.1.0 < Version: 5.3.0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22737",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T14:43:36.520127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T14:43:50.722Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThanOrEqual": "7.0.5",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.2.16",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "6.1.25",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "5.3.46",
"status": "affected",
"version": "5.3.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUse of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views.\u0026nbsp;\u003cspan\u003eThis issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views.\u00a0This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-19T23:53:59.918Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-22737"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework Improper Path Limitation with Script View Templates",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-22737",
"datePublished": "2026-03-19T23:53:59.918Z",
"dateReserved": "2026-01-09T06:54:49.674Z",
"dateUpdated": "2026-03-20T14:43:50.722Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-22233 (GCVE-0-2025-22233)
Vulnerability from cvelistv5
Published
2025-05-16 19:14
Modified
2025-05-17 02:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks.
Affected Spring Products and Versions
Spring Framework:
* 6.2.0 - 6.2.6
* 6.1.0 - 6.1.19
* 6.0.0 - 6.0.27
* 5.3.0 - 5.3.42
* Older, unsupported versions are also affected
Mitigation
Users of affected versions should upgrade to the corresponding fixed version.
Affected version(s)Fix Version Availability 6.2.x
6.2.7
OSS6.1.x
6.1.20
OSS6.0.x
6.0.28
Commercial https://enterprise.spring.io/ 5.3.x
5.3.43
Commercial https://enterprise.spring.io/
No further mitigation steps are necessary.
Generally, we recommend using a dedicated model object with properties only for data binding, or using constructor binding since constructor arguments explicitly declare what to bind together with turning off setter binding through the declarativeBinding flag. See the Model Design section in the reference documentation.
For setting binding, prefer the use of allowedFields (an explicit list) over disallowedFields.
Credit
This issue was responsibly reported by the TERASOLUNA Framework Development Team from NTT DATA Group Corporation.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring | Spring Framework |
Version: 6.2.0 Version: 6.1.0 Version: 6.0.0 Version: 5.3.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22233",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-17T02:36:53.736871Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-17T02:37:03.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Spring Framework",
"vendor": "Spring",
"versions": [
{
"lessThanOrEqual": "6.2.6",
"status": "affected",
"version": "6.2.0",
"versionType": "Framework"
},
{
"lessThanOrEqual": "6.1.19",
"status": "affected",
"version": "6.1.0",
"versionType": "Framework"
},
{
"lessThanOrEqual": "6.0.27",
"status": "affected",
"version": "6.0.0",
"versionType": "Enterprise Framework"
},
{
"lessThanOrEqual": "5.3.42",
"status": "affected",
"version": "5.3.0",
"versionType": "Enterprise Framework"
},
{
"status": "unaffected",
"version": "6.2.7",
"versionType": "Framework"
},
{
"status": "unaffected",
"version": "6.1.20",
"versionType": "Framework"
},
{
"status": "unaffected",
"version": "6.0.28",
"versionType": "Enterprise Framework"
},
{
"status": "unaffected",
"version": "5.3.43",
"versionType": "Entrprise Framework"
}
]
}
],
"datePublic": "2025-05-15T15:02:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eAffected Spring Products and Versions\u003c/b\u003e\u003cbr\u003e\u003cbr\u003eSpring Framework:\u003cbr\u003e\u003cul\u003e\u003cli\u003e6.2.0 - 6.2.6\u003cbr\u003e\u003c/li\u003e\u003cli\u003e6.1.0 - 6.1.19\u003cbr\u003e\u003c/li\u003e\u003cli\u003e6.0.0 - 6.0.27\u003cbr\u003e\u003c/li\u003e\u003cli\u003e5.3.0 - 5.3.42\u003c/li\u003e\u003cli\u003eOlder, unsupported versions are also affected\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cb\u003eMitigation\u003c/b\u003e\u003cbr\u003e\u003cbr\u003eUsers of affected versions should upgrade to the corresponding fixed version.\u003cbr\u003e\u003cbr\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003eAffected version(s)\u003c/td\u003e\u003ctd\u003eFix Version\u0026nbsp;\u003c/td\u003e\u003ctd\u003eAvailability\u0026nbsp;\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e6.2.x\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e 6.2.7\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eOSS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e6.1.x\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e 6.1.20\u003cbr\u003e\u003c/td\u003e\u003ctd\u003eOSS\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e6.0.x\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e 6.0.28\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://enterprise.spring.io/\"\u003eCommercial\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003e5.3.x\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e 5.3.43\u003cbr\u003e\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://enterprise.spring.io/\"\u003eCommercial\u003c/a\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNo further mitigation steps are necessary.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003eGenerally, we recommend using a dedicated model object with properties only for data binding, or using constructor binding since constructor arguments explicitly declare what to bind together with turning off setter binding through the declarativeBinding flag. See the Model Design section in the reference documentation.\u003cbr\u003e\u003cbr\u003eFor setting binding, prefer the use of allowedFields (an explicit list) over disallowedFields.\u003cbr\u003e\u003cbr\u003eCredit\u003cbr\u003e\u003cbr\u003eThis issue was responsibly reported by the TERASOLUNA Framework Development Team from NTT DATA Group Corporation.\u003cbr\u003e"
}
],
"value": "CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks.\n\nAffected Spring Products and Versions\n\nSpring Framework:\n * 6.2.0 - 6.2.6\n\n * 6.1.0 - 6.1.19\n\n * 6.0.0 - 6.0.27\n\n * 5.3.0 - 5.3.42\n * Older, unsupported versions are also affected\n\n\n\nMitigation\n\nUsers of affected versions should upgrade to the corresponding fixed version.\n\nAffected version(s)Fix Version\u00a0Availability\u00a06.2.x\n 6.2.7\nOSS6.1.x\n 6.1.20\nOSS6.0.x\n 6.0.28\n Commercial https://enterprise.spring.io/ 5.3.x\n 5.3.43\n Commercial https://enterprise.spring.io/ \nNo further mitigation steps are necessary.\n\n\nGenerally, we recommend using a dedicated model object with properties only for data binding, or using constructor binding since constructor arguments explicitly declare what to bind together with turning off setter binding through the declarativeBinding flag. See the Model Design section in the reference documentation.\n\nFor setting binding, prefer the use of allowedFields (an explicit list) over disallowedFields.\n\nCredit\n\nThis issue was responsibly reported by the TERASOLUNA Framework Development Team from NTT DATA Group Corporation."
}
],
"impacts": [
{
"capecId": "CAPEC-137",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-137: Parameter Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-16T19:14:07.500Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N\u0026version=3.1"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Spring Framework DataBinder Case Sensitive Match Exception",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22233",
"datePublished": "2025-05-16T19:14:07.500Z",
"dateReserved": "2025-01-02T04:29:59.191Z",
"dateUpdated": "2025-05-17T02:37:03.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CERTFR-2026-AVI-0457
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Spring Framework. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Spring | Spring Framework | Framework versions 6.1.x antérieures à 6.1.27 | ||
| Spring | Spring Framework | Framework versions 7.0.x antérieures à 7.0.7 | ||
| Spring | Spring Framework | Framework versions 5.3.x antérieures à 5.3.48 | ||
| Spring | Spring Framework | Framework versions 6.2.x antérieures à 6.2.18 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Framework versions 6.1.x ant\u00e9rieures \u00e0 6.1.27",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Framework versions 7.0.x ant\u00e9rieures \u00e0 7.0.7",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Framework versions 5.3.x ant\u00e9rieures \u00e0 5.3.48",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Framework versions 6.2.x ant\u00e9rieures \u00e0 6.2.18",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-22740",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22740"
},
{
"name": "CVE-2026-22741",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22741"
},
{
"name": "CVE-2026-22745",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22745"
}
],
"initial_release_date": "2026-04-20T00:00:00",
"last_revision_date": "2026-04-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0457",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-04-20T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Spring Framework. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Spring Framework",
"vendor_advisories": [
{
"published_at": "2026-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2026-22745",
"url": "https://spring.io/security/cve-2026-22745"
},
{
"published_at": "2026-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2026-22740",
"url": "https://spring.io/security/cve-2026-22740"
},
{
"published_at": "2026-04-17",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2026-22741",
"url": "https://spring.io/security/cve-2026-22741"
}
]
}
CERTFR-2026-AVI-0323
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Spring. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Spring | Spring Security | Security versions 5.8.23 antérieures à 5.8.24 | ||
| Spring | Spring Framework | Framework versions 5.3.x antérieures à 5.3.47 | ||
| Spring | Spring Boot | Boot versions 4.0.x antérieures à 4.0.4 | ||
| Spring | Spring Boot | Boot versions 3.3.x antérieures à 3.3.18 | ||
| Spring | Spring Security | Security versions 7.0.3 antérieures à 7.0.4 | ||
| Spring | Spring Framework | Framework versions 6.1.x antérieures à 6.1.26 | ||
| Spring | Spring Boot | Boot versions 3.5.x antérieures à 3.5.12 | ||
| Spring | Spring Boot | Boot versions 2.7.x antérieures à 2.7.32 | ||
| Spring | Spring Framework | Framework versions 6.2.x antérieures à 6.2.17 | ||
| Spring | Spring Security | Security versions 6.5.8 antérieures à 6.5.9 | ||
| Spring | Spring Security | Security versions 6.4.14 antérieures à 6.4.15 | ||
| Spring | Spring Framework | Framework versions 7.0.x antérieures à 7.0.6 | ||
| Spring | Spring Boot | Boot versions 3.4.x antérieures à 3.4.15 | ||
| Spring | Spring Security | Security versions 5.7.21 antérieures à 5.7.22 | ||
| Spring | Spring Security | Security versions 6.3.14 antérieures à 6.3.15 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security versions 5.8.23 ant\u00e9rieures \u00e0 5.8.24",
"product": {
"name": "Spring Security",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Framework versions 5.3.x ant\u00e9rieures \u00e0 5.3.47",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Boot versions 4.0.x ant\u00e9rieures \u00e0 4.0.4",
"product": {
"name": "Spring Boot",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Boot versions 3.3.x ant\u00e9rieures \u00e0 3.3.18",
"product": {
"name": "Spring Boot",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Security versions 7.0.3 ant\u00e9rieures \u00e0 7.0.4",
"product": {
"name": "Spring Security",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Framework versions 6.1.x ant\u00e9rieures \u00e0 6.1.26",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Boot versions 3.5.x ant\u00e9rieures \u00e0 3.5.12",
"product": {
"name": "Spring Boot",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Boot versions 2.7.x ant\u00e9rieures \u00e0 2.7.32",
"product": {
"name": "Spring Boot",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Framework versions 6.2.x ant\u00e9rieures \u00e0 6.2.17",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Security versions 6.5.8 ant\u00e9rieures \u00e0 6.5.9",
"product": {
"name": "Spring Security",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Security versions 6.4.14 ant\u00e9rieures \u00e0 6.4.15",
"product": {
"name": "Spring Security",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Framework versions 7.0.x ant\u00e9rieures \u00e0 7.0.6",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Boot versions 3.4.x ant\u00e9rieures \u00e0 3.4.15",
"product": {
"name": "Spring Boot",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Security versions 5.7.21 ant\u00e9rieures \u00e0 5.7.22",
"product": {
"name": "Spring Security",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Security versions 6.3.14 ant\u00e9rieures \u00e0 6.3.15",
"product": {
"name": "Spring Security",
"vendor": {
"name": "Spring",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-22737",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22737"
},
{
"name": "CVE-2026-22718",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22718"
},
{
"name": "CVE-2026-22731",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22731"
},
{
"name": "CVE-2026-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22732"
},
{
"name": "CVE-2026-22733",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22733"
},
{
"name": "CVE-2026-22735",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-22735"
}
],
"initial_release_date": "2026-03-20T00:00:00",
"last_revision_date": "2026-03-20T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0323",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-03-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Spring. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Spring",
"vendor_advisories": [
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2026-22732",
"url": "https://spring.io/security/cve-2026-22732"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2026-22731",
"url": "https://spring.io/security/cve-2026-22731"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2026-22733",
"url": "https://spring.io/security/cve-2026-22733"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2026-22737",
"url": "https://spring.io/security/cve-2026-22737"
},
{
"published_at": "2026-03-19",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2026-22735",
"url": "https://spring.io/security/cve-2026-22735"
}
]
}
CERTFR-2025-AVI-0883
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Spring. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Spring | Spring Framework | Spring Framework versions 5.3.x antérieures à 5.3.46 | ||
| Spring | Cloud Gateway Server | Cloud Gateway versions 4.3.x antérieures à 4.3.2 | ||
| Spring | Cloud Gateway Server | Cloud Gateway versions antérieures à 3.1.12 | ||
| Spring | Cloud Gateway Server | Cloud Gateway versions 4.1.x antérieures à 4.1.12 | ||
| Spring | Spring Framework | Spring Framework versions 6.x antérieures à 6.1.24 | ||
| Spring | Spring Framework | Spring Framework versions 6.2.x antérieures à 6.2.12 | ||
| Spring | Cloud Gateway Server | Cloud Gateway versions 4.0.x antérieures à 4.1.12 | ||
| Spring | Cloud Gateway Server | Cloud Gateway versions 4.2.x antérieures à 4.2.6 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Spring Framework versions 5.3.x ant\u00e9rieures \u00e0 5.3.46",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Cloud Gateway versions 4.3.x ant\u00e9rieures \u00e0 4.3.2",
"product": {
"name": "Cloud Gateway Server",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Cloud Gateway versions ant\u00e9rieures \u00e0 3.1.12",
"product": {
"name": "Cloud Gateway Server",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Cloud Gateway versions 4.1.x ant\u00e9rieures \u00e0 4.1.12",
"product": {
"name": "Cloud Gateway Server",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Spring Framework versions 6.x ant\u00e9rieures \u00e0 6.1.24",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Spring Framework versions 6.2.x ant\u00e9rieures \u00e0 6.2.12",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Cloud Gateway versions 4.0.x ant\u00e9rieures \u00e0 4.1.12",
"product": {
"name": "Cloud Gateway Server",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Cloud Gateway versions 4.2.x ant\u00e9rieures \u00e0 4.2.6",
"product": {
"name": "Cloud Gateway Server",
"vendor": {
"name": "Spring",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-41253",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41253"
},
{
"name": "CVE-2025-41254",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41254"
}
],
"initial_release_date": "2025-10-16T00:00:00",
"last_revision_date": "2025-10-16T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0883",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-10-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Spring. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Spring",
"vendor_advisories": [
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2025-41254",
"url": "https://spring.io/security/cve-2025-41254"
},
{
"published_at": "2025-10-15",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2025-41253",
"url": "https://spring.io/security/cve-2025-41253"
}
]
}
CERTFR-2025-AVI-0792
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits Spring. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Spring | Spring Security | Security versions 6.4.x antérieures à 6.4.10 | ||
| Spring | Spring Security | Security versions 6.5.x antérieures à 6.5.4 | ||
| Spring | Spring Framework | Framework versions 5.3.x antérieures à 5.3.45 | ||
| Spring | Spring Framework | Framework versions 6.x antérieures à 6.1.23 | ||
| Spring | Spring Framework | Framework versions 6.2.x antérieures à 6.2.11 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Security versions 6.4.x ant\u00e9rieures \u00e0 6.4.10",
"product": {
"name": "Spring Security",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Security versions 6.5.x ant\u00e9rieures \u00e0 6.5.4",
"product": {
"name": "Spring Security",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Framework versions 5.3.x ant\u00e9rieures \u00e0 5.3.45",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Framework versions 6.x ant\u00e9rieures \u00e0 6.1.23",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Framework versions 6.2.x ant\u00e9rieures \u00e0 6.2.11",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-41248",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41248"
},
{
"name": "CVE-2025-41249",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41249"
}
],
"initial_release_date": "2025-09-16T00:00:00",
"last_revision_date": "2025-09-16T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0792",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-09-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Spring. Elles permettent \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Spring",
"vendor_advisories": [
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2025-41249",
"url": "https://spring.io/security/cve-2025-41249"
},
{
"published_at": "2025-09-15",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2025-41248",
"url": "https://spring.io/security/cve-2025-41248"
}
]
}
CERTFR-2025-AVI-0696
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Spring Framework. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Spring | Spring Framework | Framework versions 5.3.x antérieures à 5.3.44 | ||
| Spring | Spring Framework | Framework versions 6.2.x antérieures à 6.2.10 | ||
| Spring | Spring Framework | Framework versions 6.x antérieures à 6.1.22 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Framework versions 5.3.x ant\u00e9rieures \u00e0 5.3.44",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Framework versions 6.2.x ant\u00e9rieures \u00e0 6.2.10",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Framework versions 6.x ant\u00e9rieures \u00e0 6.1.22",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-41242",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41242"
}
],
"initial_release_date": "2025-08-14T00:00:00",
"last_revision_date": "2025-08-14T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0696",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-08-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Spring Framework. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans Spring Framework",
"vendor_advisories": [
{
"published_at": "2025-08-14",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2025-41242",
"url": "https://spring.io/security/cve-2025-41242"
}
]
}
CERTFR-2025-AVI-0506
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Spring Framework. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Spring | Spring Framework | Framework versions 6.2.x antérieures à 6.2.8 | ||
| Spring | Spring Framework | Framework versions 6.0.x antérieures à 6.0.29 | ||
| Spring | Spring Framework | Framework versions 6.1.x antérieures à 6.1.21 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Framework versions 6.2.x ant\u00e9rieures \u00e0 6.2.8",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Framework versions 6.0.x ant\u00e9rieures \u00e0 6.0.29",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Framework versions 6.1.x ant\u00e9rieures \u00e0 6.1.21",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-41234",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41234"
}
],
"initial_release_date": "2025-06-13T00:00:00",
"last_revision_date": "2025-06-13T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0506",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-06-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Spring Framework. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans Spring Framework",
"vendor_advisories": [
{
"published_at": "2025-06-12",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2025-41234",
"url": "https://spring.io/security/cve-2025-41234"
}
]
}
CERTFR-2025-AVI-0417
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Spring Framework. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Spring | Spring Framework | Framework versions 6.2.x antérieures à 6.2.7 | ||
| Spring | Spring Framework | Framework versions 5.3.x antérieures à 5.3.43 | ||
| Spring | Spring Framework | Framework versions 6.0.x antérieures à 6.0.28 | ||
| Spring | Spring Framework | Framework versions 6.1.x antérieures à 6.1.20 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Framework versions 6.2.x ant\u00e9rieures \u00e0 6.2.7",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Framework versions 5.3.x ant\u00e9rieures \u00e0 5.3.43",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Framework versions 6.0.x ant\u00e9rieures \u00e0 6.0.28",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Framework versions 6.1.x ant\u00e9rieures \u00e0 6.1.20",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-22233",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22233"
}
],
"initial_release_date": "2025-05-16T00:00:00",
"last_revision_date": "2025-05-16T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0417",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Spring Framework. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans Spring Framework",
"vendor_advisories": [
{
"published_at": "2025-05-15",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2025-22233",
"url": "https://spring.io/security/cve-2025-22233"
}
]
}
CERTFR-2024-AVI-0991
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans Spring Framework. Elle permet à un attaquant de provoquer un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Spring | Spring Framework | Spring Framework versions antérieures à 5.3.41 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Spring Framework versions ant\u00e9rieures \u00e0 5.3.41",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38828",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38828"
}
],
"initial_release_date": "2024-11-15T00:00:00",
"last_revision_date": "2024-11-15T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0991",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-11-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Spring Framework. Elle permet \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance.",
"title": "Vuln\u00e9rabilit\u00e9 dans Spring",
"vendor_advisories": [
{
"published_at": "2024-11-15",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2024-38828",
"url": "https://spring.io/security/cve-2024-38828"
}
]
}
CERTFR-2024-AVI-0914
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits Spring. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur précise que les vulnérabilités affectent uniquement les configurations qui respectent les conditions suivantes : * Application Webflux * Utilisation du support des ressources statiques proposé par Spring * Utilisation d'une règle d'autorisation non-permitAll appliquée sur les ressources statiques
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Spring | Spring Framework | Spring versions 6.2.x antérieures à 6.2.7 | ||
| Spring | Spring Framework | Spring versions 5.7.x antérieures à 5.7.13 | ||
| Spring | Spring Framework | Spring versions 6.0.x antérieures à 6.0.13 | ||
| Spring | Spring Framework | Spring versions 6.1.x antérieures à 6.1.11 | ||
| Spring | Spring Framework | Spring versions 6.3.x antérieures à 6.3.4 | ||
| Spring | Spring Framework | Spring versions 5.8.x antérieures à 5.8.15 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Spring versions 6.2.x ant\u00e9rieures \u00e0 6.2.7",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Spring versions 5.7.x ant\u00e9rieures \u00e0 5.7.13",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Spring versions 6.0.x ant\u00e9rieures \u00e0 6.0.13",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Spring versions 6.1.x ant\u00e9rieures \u00e0 6.1.11",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Spring versions 6.3.x ant\u00e9rieures \u00e0 6.3.4",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Spring versions 5.8.x ant\u00e9rieures \u00e0 5.8.15",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur pr\u00e9cise que les vuln\u00e9rabilit\u00e9s affectent uniquement les configurations qui respectent les conditions suivantes :\n* Application Webflux\n* Utilisation du support des ressources statiques propos\u00e9 par Spring\n* Utilisation d\u0027une r\u00e8gle d\u0027autorisation *non-permitAll* appliqu\u00e9e sur les ressources statiques",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38821",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38821"
}
],
"initial_release_date": "2024-10-23T00:00:00",
"last_revision_date": "2024-10-23T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0914",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-23T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits Spring. Elle permet \u00e0 un attaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9.",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits Spring",
"vendor_advisories": [
{
"published_at": "2024-10-22",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2024-38821",
"url": "https://spring.io/security/cve-2024-38821"
}
]
}
CERTFR-2024-AVI-0900
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans Spring Framework. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Spring | Spring Framework | Spring Framework versions 5.3.x antérieures à 5.3.41 | ||
| Spring | Spring Framework | Spring Framework versions 6.1.x antérieures à 6.1.14 | ||
| Spring | Spring Framework | Spring Framework versions 6.0.x antérieures à 6.0.25 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Spring Framework versions 5.3.x ant\u00e9rieures \u00e0 5.3.41",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Spring Framework versions 6.1.x ant\u00e9rieures \u00e0 6.1.14",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
},
{
"description": "Spring Framework versions 6.0.x ant\u00e9rieures \u00e0 6.0.25",
"product": {
"name": "Spring Framework",
"vendor": {
"name": "Spring",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-38819",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38819"
},
{
"name": "CVE-2024-38820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38820"
}
],
"initial_release_date": "2024-10-18T00:00:00",
"last_revision_date": "2024-10-18T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0900",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-10-18T00:00:00.000000"
}
],
"risks": [
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Spring Framework. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Spring Framework",
"vendor_advisories": [
{
"published_at": "2024-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2024-38819",
"url": "https://spring.io/security/cve-2024-38819"
},
{
"published_at": "2024-10-17",
"title": "Bulletin de s\u00e9curit\u00e9 Spring cve-2024-38820",
"url": "https://spring.io/security/cve-2024-38820"
}
]
}