Spring
73 CVEs

| CVE ID | Severity | Product / summary | Published |
|---|---|---|---|
| CVE-2026-41862 | HIGH 8.8 | Spring Statemachine — Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persiste… | 2026-06-23 |
| CVE-2026-41708 | HIGH 7.5 | Spring Cloud Sleuth — In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-o… | 2026-06-15 |
| CVE-2026-47825 | HIGH 8.6 | Spring Cloud Gateway — Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certa… | 2026-06-15 |
| CVE-2026-47835 | HIGH 8.6 | Spring AI — In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in El… | 2026-06-15 |
| CVE-2026-40985 | MEDIUM 6.4 | Spring Web Flow — Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL ex… | 2026-06-11 |
| CVE-2026-40986 | MEDIUM 4.8 | Spring Web Flow — Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the respo… | 2026-06-11 |
| CVE-2026-40987 | HIGH 7.1 | Spring Integration — A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (ou… | 2026-06-11 |
| CVE-2026-40992 | MEDIUM 5 | Spring Boot — Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevan… | 2026-06-11 |
| CVE-2026-40994 | HIGH 8.2 | Spring Web Services — Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound val… | 2026-06-11 |
| CVE-2026-40995 | MEDIUM 5.4 | Spring Web Services — X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certific… | 2026-06-11 |
| CVE-2026-40996 | MEDIUM 4.8 | Spring Web Services — Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer de… | 2026-06-11 |
| CVE-2026-40997 | MEDIUM 5.3 | Spring Web Services — Several Spring WS integration paths with Spring Security could surface detailed account state (for example loc… | 2026-06-11 |
| CVE-2026-40998 | HIGH 8.2 | Spring Web Services — Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that p… | 2026-06-11 |
| CVE-2026-40999 | HIGH 8.6 | Spring Web Services — When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound co… | 2026-06-11 |
| CVE-2026-41000 | LOW 3.7 | Spring Web Services — Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for val… | 2026-06-11 |
| CVE-2026-41001 | MEDIUM 5.3 | Spring Boot — Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message b… | 2026-06-11 |
| CVE-2026-41699 | HIGH 8.1 | Spring for GraphQL — Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL que… | 2026-06-11 |
| CVE-2026-41700 | HIGH 8.1 | Spring for GraphQL — Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSock… | 2026-06-11 |
| CVE-2026-41856 | HIGH 7.5 | Spring for GraphQL — The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve anno… | 2026-06-11 |
| CVE-2026-40983 | HIGH 7.5 | Micrometer — In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of… | 2026-06-09 |
| CVE-2026-40984 | HIGH 7.5 | Micrometer — In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of… | 2026-06-09 |
| CVE-2026-40988 | HIGH 7.5 | Spring Security — An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Log… | 2026-06-09 |
| CVE-2026-40991 | MEDIUM 5.9 | Spring REST Docs — When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over… | 2026-06-09 |
| CVE-2026-40993 | HIGH 7.3 | Spring Security — An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml… | 2026-06-09 |
| CVE-2026-41003 | HIGH 7.6 | Spring Security — An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML for… | 2026-06-09 |
| CVE-2026-41006 | HIGH 7.5 | Spring HATEOAS — Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBE… | 2026-06-09 |
| CVE-2026-41007 | HIGH 7.5 | Spring HATEOAS — Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied … | 2026-06-09 |
| CVE-2026-41008 | MEDIUM 6.1 | Spring Security — Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_… | 2026-06-09 |
| CVE-2026-41694 | LOW 3.7 | Spring Security — Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutRespon… | 2026-06-09 |
| CVE-2026-41695 | HIGH 7.5 | Spring Data Commons — Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attac… | 2026-06-09 |
| CVE-2026-41696 | MEDIUM 5.9 | Spring Data MongoDB — Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform in… | 2026-06-09 |
| CVE-2026-41697 | MEDIUM 4.8 | Spring Data Relational — Spring Data Relational does not properly escape binding values of externally-controlled input when using Strin… | 2026-06-09 |
| CVE-2026-41701 | MEDIUM 4.4 | Spring AMQP — Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable … | 2026-06-09 |
| CVE-2026-41706 | MEDIUM 6.1 | Spring Security — Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in … | 2026-06-09 |
| CVE-2026-41710 | MEDIUM 5.9 | Spring Retry — An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the… | 2026-06-09 |
| CVE-2026-41711 | MEDIUM 5.9 | Spring Data Commons — Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a Stac… | 2026-06-09 |
| CVE-2026-41714 | MEDIUM 4 | Spring AMQP — Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") with… | 2026-06-09 |
| CVE-2026-41715 | MEDIUM 6.1 | Reactor Netty — In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP c… | 2026-06-09 |
| CVE-2026-41716 | HIGH 7.5 | Spring Data Commons — Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cach… | 2026-06-09 |
| CVE-2026-41717 | HIGH 8.1 | Spring Data MongoDB — Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue… | 2026-06-09 |
| CVE-2026-41719 | MEDIUM 6.4 | Spring Data KeyValue — A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort … | 2026-06-09 |
| CVE-2026-41720 | HIGH 7.4 | Spring LDAP — Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty … | 2026-06-09 |
| CVE-2026-41721 | MEDIUM 5.9 | Spring Data Commons — Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Da… | 2026-06-09 |
| CVE-2026-41726 | MEDIUM 6.5 | Spring for Apache Kafka — When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by… | 2026-06-09 |
| CVE-2026-41727 | MEDIUM 6.5 | Spring for Apache Kafka — Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before a… | 2026-06-09 |
| CVE-2026-41728 | HIGH 7.5 | Spring Data REST — Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access fil… | 2026-06-09 |
| CVE-2026-41729 | HIGH 8.1 | Spring Data REST — Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON … | 2026-06-09 |
| CVE-2026-41730 | MEDIUM 5.3 | Spring Data REST — Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposi… | 2026-06-09 |
| CVE-2026-41731 | HIGH 8.1 | Spring for Apache Kafka — JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted package… | 2026-06-09 |
| CVE-2026-41732 | HIGH 8.1 | Spring for Apache Pulsar — JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusti… | 2026-06-09 |
| CVE-2026-41837 | MEDIUM 5.3 | Spring Data REST — Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filte… | 2026-06-09 |
| CVE-2026-41838 | MEDIUM 4.8 | Spring Framework — IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may b… | 2026-06-09 |
| CVE-2026-41839 | MEDIUM 4.2 | Spring Framework — A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) i… | 2026-06-09 |
| CVE-2026-41840 | MEDIUM 5.9 | Spring Framework — Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart reques… | 2026-06-09 |
| CVE-2026-41841 | MEDIUM 5.9 | Spring Framework — Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static res… | 2026-06-09 |
| CVE-2026-41842 | HIGH 7.5 | Spring Framework — Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static re… | 2026-06-09 |
| CVE-2026-41843 | MEDIUM 5.9 | Spring Framework — Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. … | 2026-06-09 |
| CVE-2026-41844 | MEDIUM 4.2 | Spring Framework — A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not exp… | 2026-06-09 |
| CVE-2026-41845 | HIGH 7.1 | Spring Framework — Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection… | 2026-06-09 |
| CVE-2026-41846 | MEDIUM 5.9 | Spring Framework — Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attribut… | 2026-06-09 |
| CVE-2026-41847 | MEDIUM 4.8 | Spring Framework — Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected… | 2026-06-09 |
| CVE-2026-41848 | LOW 3.7 | Spring Framework — Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able… | 2026-06-09 |
| CVE-2026-41849 | HIGH 7.5 | Spring Framework — An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An … | 2026-06-09 |
| CVE-2026-41850 | HIGH 7.5 | Spring Framework — Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Al… | 2026-06-09 |
| CVE-2026-41851 | MEDIUM 5.3 | Spring Framework — Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a D… | 2026-06-09 |
| CVE-2026-41852 | LOW 3.7 | Spring Framework — A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument metho… | 2026-06-09 |
| CVE-2026-41853 | MEDIUM 5.3 | Spring Framework — Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions:… | 2026-06-09 |
| CVE-2026-41854 | MEDIUM 4.2 | Spring Framework — Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externa… | 2026-06-09 |
| CVE-2026-41855 | HIGH 8.1 | Spring Framework — In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and… | 2026-06-09 |
| CVE-2026-47838 | MEDIUM 6.8 | Spring Security — SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which… | 2026-06-09 |
| CVE-2026-40989 | MEDIUM 5.7 | Spring Cloud Function — Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products… | 2026-06-01 |
| CVE-2026-40990 | MEDIUM 5.7 | Spring Cloud Function — OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spr… | 2026-06-01 |
| CVE-2026-41863 | MEDIUM 6.5 | Spring AI — Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve befor… | 2026-05-25 |