Spring VMware Spring

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in VMware Spring.

Recent VMware Spring Security Advisories

Advisory Title Published
2026-06-12 CVE-2026-47835 - High - CVE-2026-47835: Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores June 12, 2026
2026-06-11 CVE-2026-41708 - High - CVE-2026-41708: Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability June 11, 2026
2026-06-11 CVE-2026-47825 - High - CVE-2026-47825: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations June 11, 2026
2026-06-10 CVE-2026-40985 - Medium - CVE-2026-40985: Data Binding Vulnerability in Spring Web Flow with Unified EL Parser June 10, 2026
2026-06-10 CVE-2026-41856 - High - CVE-2026-41856: Spring GraphQL Annotation Detection Vulnerability June 10, 2026
2026-06-10 CVE-2026-41699 - High - CVE-2026-41699: Unsafe Deserialization in Spring GraphQL June 10, 2026
2026-06-10 CVE-2026-40997 - Medium - CVE-2026-40997: SOAP security faults leak Spring Security account state June 10, 2026
2026-06-10 CVE-2026-40987 - High - CVE-2026-40987: Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization June 10, 2026
2026-06-10 CVE-2026-40986 - Medium - CVE-2026-40986: Spring Web Flow JS RemotingHandler renders non-HTML Response as HTML June 10, 2026
2026-06-10 CVE-2026-40999 - High - CVE-2026-40999: Spring WS SSRF via unvalidated WS-Addressing reply destinations June 10, 2026

By the Year

In 2026 there have been 0 vulnerabilities in VMware Spring. Spring did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 0 0.00
2024 0 0.00
2023 1 7.80

It may take a day or so for new Spring vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent VMware Spring Security Vulnerabilities

Deserialization Attack via Header in Spring-Kafka 3.0.9 (checkDeserExWhen...)
CVE-2023-34040 7.8 - High - August 24, 2023

In Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers. Specifically, an application is vulnerable when all of the following are true: * The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record * The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true. * The user allows untrusted sources to publish to a Kafka topic By default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record.

Marshaling, Unmarshaling

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for VMware Spring or by VMware? Click the Watch button to subscribe.

VMware
Vendor

VMware Spring
Product

subscribe