Spring

73 CVEs
| CVE ID | Severity (CVSS) | Product | Summary | Published |
|---|---|---|---|---|
| CVE-2026-41862 | HIGH 8.8 | Spring Statemachine | Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persiste… | 2026-06-23 |
| CVE-2026-41708 | HIGH 7.5 | Spring Cloud Sleuth | In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-o… | 2026-06-15 |
| CVE-2026-47825 | HIGH 8.6 | Spring Cloud Gateway | Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certa… | 2026-06-15 |
| CVE-2026-47835 | HIGH 8.6 | Spring AI | In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in El… | 2026-06-15 |
| CVE-2026-40985 | MEDIUM 6.4 | Spring Web Flow | Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL ex… | 2026-06-11 |
| CVE-2026-40986 | MEDIUM 4.8 | Spring Web Flow | Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the respo… | 2026-06-11 |
| CVE-2026-40987 | HIGH 7.1 | Spring Integration | A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (ou… | 2026-06-11 |
| CVE-2026-40992 | MEDIUM 5.0 | Spring Boot | Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevan… | 2026-06-11 |
| CVE-2026-40994 | HIGH 8.2 | Spring Web Services | Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound val… | 2026-06-11 |
| CVE-2026-40995 | MEDIUM 5.4 | Spring Web Services | X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certific… | 2026-06-11 |
| CVE-2026-40996 | MEDIUM 4.8 | Spring Web Services | Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer de… | 2026-06-11 |
| CVE-2026-40997 | MEDIUM 5.3 | Spring Web Services | Several Spring WS integration paths with Spring Security could surface detailed account state (for example loc… | 2026-06-11 |
| CVE-2026-40998 | HIGH 8.2 | Spring Web Services | Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that p… | 2026-06-11 |
| CVE-2026-40999 | HIGH 8.6 | Spring Web Services | When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound co… | 2026-06-11 |
| CVE-2026-41000 | LOW 3.7 | Spring Web Services | Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for val… | 2026-06-11 |
| CVE-2026-41001 | MEDIUM 5.3 | Spring Boot | Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message b… | 2026-06-11 |
| CVE-2026-41699 | HIGH 8.1 | Spring for GraphQL | Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL que… | 2026-06-11 |
| CVE-2026-41700 | HIGH 8.1 | Spring for GraphQL | Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSock… | 2026-06-11 |
| CVE-2026-41856 | HIGH 7.5 | Spring for GraphQL | The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve anno… | 2026-06-11 |
| CVE-2026-40983 | HIGH 7.5 | Micrometer | In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of… | 2026-06-09 |
| CVE-2026-40984 | HIGH 7.5 | Micrometer | In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of… | 2026-06-09 |
| CVE-2026-40988 | HIGH 7.5 | Spring Security | An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Log… | 2026-06-09 |
| CVE-2026-40991 | MEDIUM 5.9 | Spring REST Docs | When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over… | 2026-06-09 |
| CVE-2026-40993 | HIGH 7.3 | Spring Security | An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml… | 2026-06-09 |
| CVE-2026-41003 | HIGH 7.6 | Spring Security | An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML for… | 2026-06-09 |
| CVE-2026-41006 | HIGH 7.5 | Spring HATEOAS | Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBE… | 2026-06-09 |
| CVE-2026-41007 | HIGH 7.5 | Spring HATEOAS | Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied … | 2026-06-09 |
| CVE-2026-41008 | MEDIUM 6.1 | Spring Security | Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_… | 2026-06-09 |
| CVE-2026-41694 | LOW 3.7 | Spring Security | Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutRespon… | 2026-06-09 |
| CVE-2026-41695 | HIGH 7.5 | Spring Data Commons | Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attac… | 2026-06-09 |
| CVE-2026-41696 | MEDIUM 5.9 | Spring Data MongoDB | Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform in… | 2026-06-09 |
| CVE-2026-41697 | MEDIUM 4.8 | Spring Data Relational | Spring Data Relational does not properly escape binding values of externally-controlled input when using Strin… | 2026-06-09 |
| CVE-2026-41701 | MEDIUM 4.4 | Spring AMQP | Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable … | 2026-06-09 |
| CVE-2026-41706 | MEDIUM 6.1 | Spring Security | Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in … | 2026-06-09 |
| CVE-2026-41710 | MEDIUM 5.9 | Spring Retry | An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the… | 2026-06-09 |
| CVE-2026-41711 | MEDIUM 5.9 | Spring Data Commons | Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a Stac… | 2026-06-09 |
| CVE-2026-41714 | MEDIUM 4.0 | Spring AMQP | Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") with… | 2026-06-09 |
| CVE-2026-41715 | MEDIUM 6.1 | Reactor Netty | In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP c… | 2026-06-09 |
| CVE-2026-41716 | HIGH 7.5 | Spring Data Commons | Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cach… | 2026-06-09 |
| CVE-2026-41717 | HIGH 8.1 | Spring Data MongoDB | Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue… | 2026-06-09 |
| CVE-2026-41719 | MEDIUM 6.4 | Spring Data KeyValue | A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort … | 2026-06-09 |
| CVE-2026-41720 | HIGH 7.4 | Spring LDAP | Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty … | 2026-06-09 |
| CVE-2026-41721 | MEDIUM 5.9 | Spring Data Commons | Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Da… | 2026-06-09 |
| CVE-2026-41726 | MEDIUM 6.5 | Spring for Apache Kafka | When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by… | 2026-06-09 |
| CVE-2026-41727 | MEDIUM 6.5 | Spring for Apache Kafka | Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before a… | 2026-06-09 |
| CVE-2026-41728 | HIGH 7.5 | Spring Data REST | Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access fil… | 2026-06-09 |
| CVE-2026-41729 | HIGH 8.1 | Spring Data REST | Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON … | 2026-06-09 |
| CVE-2026-41730 | MEDIUM 5.3 | Spring Data REST | Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposi… | 2026-06-09 |
| CVE-2026-41731 | HIGH 8.1 | Spring for Apache Kafka | JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted package… | 2026-06-09 |
| CVE-2026-41732 | HIGH 8.1 | Spring for Apache Pulsar | JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusti… | 2026-06-09 |
| CVE-2026-41837 | MEDIUM 5.3 | Spring Data REST | Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filte… | 2026-06-09 |
| CVE-2026-41838 | MEDIUM 4.8 | Spring Framework | IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may b… | 2026-06-09 |
| CVE-2026-41839 | MEDIUM 4.2 | Spring Framework | A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) i… | 2026-06-09 |
| CVE-2026-41840 | MEDIUM 5.9 | Spring Framework | Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart reques… | 2026-06-09 |
| CVE-2026-41841 | MEDIUM 5.9 | Spring Framework | Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static res… | 2026-06-09 |
| CVE-2026-41842 | HIGH 7.5 | Spring Framework | Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static re… | 2026-06-09 |
| CVE-2026-41843 | MEDIUM 5.9 | Spring Framework | Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. … | 2026-06-09 |
| CVE-2026-41844 | MEDIUM 4.2 | Spring Framework | A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not exp… | 2026-06-09 |
| CVE-2026-41845 | HIGH 7.1 | Spring Framework | Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection… | 2026-06-09 |
| CVE-2026-41846 | MEDIUM 5.9 | Spring Framework | Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attribut… | 2026-06-09 |
| CVE-2026-41847 | MEDIUM 4.8 | Spring Framework | Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected… | 2026-06-09 |
| CVE-2026-41848 | LOW 3.7 | Spring Framework | Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able… | 2026-06-09 |
| CVE-2026-41849 | HIGH 7.5 | Spring Framework | An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An … | 2026-06-09 |
| CVE-2026-41850 | HIGH 7.5 | Spring Framework | Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Al… | 2026-06-09 |
| CVE-2026-41851 | MEDIUM 5.3 | Spring Framework | Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a D… | 2026-06-09 |
| CVE-2026-41852 | LOW 3.7 | Spring Framework | A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument metho… | 2026-06-09 |
| CVE-2026-41853 | MEDIUM 5.3 | Spring Framework | Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions:… | 2026-06-09 |
| CVE-2026-41854 | MEDIUM 4.2 | Spring Framework | Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externa… | 2026-06-09 |
| CVE-2026-41855 | HIGH 8.1 | Spring Framework | In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and… | 2026-06-09 |
| CVE-2026-47838 | MEDIUM 6.8 | Spring Security | SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which… | 2026-06-09 |
| CVE-2026-40989 | MEDIUM 5.7 | Spring Cloud Function | Under infinite recursion in the routing layer, request handling can cause an OOM error. Affected Spring Products… | 2026-06-01 |
| CVE-2026-40990 | MEDIUM 5.7 | Spring Cloud Function | An OOM error is possible while attempting to add an infinite number of functions to the Function Registry. Affected Spr… | 2026-06-01 |
| CVE-2026-41863 | MEDIUM 6.5 | Spring AI | Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve befor… | 2026-05-25 |