Spring Framework VMware Spring Framework


Recent VMware Spring Framework Security Advisories

Published   Advisory        Severity  Title
2026-04-28  CVE-2026-40969  Low       Spring gRPC AuthenticationException message reflected to remote client
2026-04-28  CVE-2026-40968  Medium    Spring gRPC SecurityContext leaks across requests on authorization failure
2026-04-27  CVE-2026-40966  Moderate  VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration
2026-04-27  CVE-2026-40979  Moderate  ONNX model cache defaults to world-writable predictable /tmp directory
2026-04-27  CVE-2026-40980  Moderate  OOM by attacker-controlled PDF
2026-04-27  CVE-2026-40967  High      VectorStore FilterExpression Converter injection
2026-04-27  CVE-2026-40978  High      SQL Injection in CosmosDBVectorStore.doDelete()
2026-04-23  CVE-2026-40977  Medium    PID file write follows symlinks at predictable default path
2026-04-23  CVE-2026-40970  Medium    Elasticsearch auto-configuration with an SSL bundle disables TLS hostname verification
2026-04-23  CVE-2026-40974  Medium    Cassandra SSL auto-configuration disables TLS hostname verification

EOL Dates

Ensure that you are using a supported version of VMware Spring Framework. Here are the end-of-life and end-of-support dates for VMware Spring Framework.

Release  EOL Date           End of Extended Support  Status
7.0      June 30, 2027      June 30, 2028            Active (EOL next year, June 2027)
6.2      June 30, 2026      June 30, 2032            EOL this year (June 2026)
6.1      June 30, 2025      June 30, 2026            EOL (extended support ends in 2026)
6.0      June 30, 2024      August 31, 2025          EOL (extended support ended in 2025)
5.3      August 31, 2024    June 30, 2029            EOL (extended support ends in 2029)
5.2      December 31, 2021  December 31, 2023        EOL (extended support ended in 2023)
5.1      December 31, 2020  December 31, 2022        EOL (extended support ended in 2022)
5.0      December 31, 2020  -                        EOL
4.3      December 31, 2020  -                        EOL
3.2      December 31, 2016  -                        EOL

Extended Support differs by vendor, and may cost additional fees. Check with VMware to see how they define extended support.

By the Year

In 2026 there have been 35 vulnerabilities in VMware Spring Framework with an average score of 6.7 out of ten. Last year, in 2025, Spring Framework had 6 security vulnerabilities published. That is, 29 more vulnerabilities have already been reported in 2026 than in all of last year, and the average CVE base score of the 2026 vulnerabilities is higher by 0.42.




Year Vulnerabilities Average Score
2026 35 6.72
2025 6 6.30
2024 6 6.40
2023 4 7.00
2022 6 6.28
2021 2 6.05
2020 4 7.28
2019 0 0.00
2018 11 7.61

It may take a day or so for new Spring Framework vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent VMware Spring Framework Security Vulnerabilities

Spring gRPC 1.0.0-1.0.2 AuthenticationException Message Leaked via gRPC Status
CVE-2026-40969 3.7 - Low - April 28, 2026

The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected.

Generation of Error Message Containing Sensitive Information

Spring gRPC auth ID retained on thread, pre-1.0.3
CVE-2026-40968 4.3 - Medium - April 28, 2026

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions: Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected.

Separation of Privilege

Spring AI ForkPDFLayoutTextStripper DoS via crafted PDF (1.0.0-1.1.4)
CVE-2026-40980 6.5 - Medium - April 28, 2026

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `ForkPDFLayoutTextStripper`. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

Resource Exhaustion

Spring AI 1.0.0-1.0.5 / 1.1.0-1.1.4 ONNX Model Cache in Predictable World-Writable /tmp Directory (fixed 1.0.6/1.1.5)
CVE-2026-40979 6.1 - Medium - April 28, 2026

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

Insecure Temporary File

Spring AI 1.0.0-1.0.5 / 1.1.0-1.1.4 SQLi in CosmosDBVectorStore (fixed 1.0.6/1.1.5)
CVE-2026-40978 8.8 - High - April 28, 2026

SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

SQL Injection

Spring AI VectorStoreChatMemoryAdvisor Cross-Tenant Memory Exfiltration via conversationId Injection
CVE-2026-40966 5.9 - Medium - April 28, 2026

In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users' chat histories, including secrets and credentials, by injecting filter logic through the conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input as a conversationId are affected.

Authorization

Spring AI 1.0.0-1.0.5 / 1.1.0-1.1.4 FilterExpressionConverter Query-Language Injection via Unescaped Keys and Values
CVE-2026-40967 8.6 - High - April 28, 2026

In Spring AI, the various FilterExpressionConverter implementations accept a filter expression object and translate it into a specific vector store's query language. In several of them, keys and values are not properly escaped, so an attacker who controls them can alter the generated query. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

Code Injection

Spring Boot 2.7-4.0 ApplicationPidFileWriter Symlink Following at Default PID File Path
CVE-2026-40977 4.7 - Medium - April 27, 2026

When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started, by placing a symlink at the predictable default PID path. Affected: Spring Boot 4.0.0 - 4.0.5 (fixed in 4.0.6), 3.5.0 - 3.5.13 (fixed in 3.5.14), 3.4.0 - 3.4.15 (fixed in 3.4.16), 3.3.0 - 3.3.18 (fixed in 3.3.19), 2.7.0 - 2.7.32 (fixed in 2.7.33). Versions that are no longer supported are also affected per the vendor advisory.

insecure temporary file

Spring Boot 4.0.0-4.0.5 Default Security Filter Chain Bypass
CVE-2026-40976 9.1 - Critical - April 27, 2026

In certain circumstances, Spring Boot's default web security is ineffective, allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter chain; depend on spring-boot-actuator-autoconfigure; not depend on spring-boot-health. If any of the above does not apply, the application is not vulnerable. Affected: Spring Boot 4.0.0 - 4.0.5; upgrade to 4.0.6 or later per the vendor advisory.

AuthZ

Spring Boot Weak PRNG in Random Value Property Source (before 4.0.6)
CVE-2026-40975 4.8 - Medium - April 27, 2026

Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets, as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0 - 4.0.5 (fixed in 4.0.6), 3.5.0 - 3.5.13 (fixed in 3.5.14), 3.4.0 - 3.4.15 (fixed in 3.4.16), 3.3.0 - 3.3.18 (fixed in 3.3.19), 2.7.0 - 2.7.32 (fixed in 2.7.33). Versions that are no longer supported are also affected per the vendor advisory.

Use of Insufficiently Random Values

Spring Boot Cassandra SSL Hostname Verification Failure (pre 4.0.6, 3.5.14, ...)
CVE-2026-40974 5 - Medium - April 27, 2026

Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0 - 4.0.5 (fixed in 4.0.6), 3.5.0 - 3.5.13 (fixed in 3.5.14), 3.4.0 - 3.4.15 (fixed in 3.4.16), 3.3.0 - 3.3.18 (fixed in 3.3.19), 2.7.0 - 2.7.32 (fixed in 2.7.33). Versions that are no longer supported are also affected per the vendor advisory.

Improper Certificate Validation

Spring Boot 2.7-4.0 Session Hijack or Code Execution via Predictable ApplicationTemp Directory
CVE-2026-40973 7 - High - April 27, 2026

A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is set to `true` and the attack persists across application restarts, this may allow the attacker to read session information and hijack authenticated users, or to deploy a gadget chain and execute code as the application's user. Affected: Spring Boot 4.0.0 - 4.0.5 (fixed in 4.0.6), 3.5.0 - 3.5.13 (fixed in 3.5.14), 3.4.0 - 3.4.15 (fixed in 3.4.16), 3.3.0 - 3.3.18 (fixed in 3.3.19), 2.7.0 - 2.7.32 (fixed in 2.7.33). The fix verifies ownership of the `ApplicationTemp` directory. Versions that are no longer supported are also affected per the vendor advisory.

Insecure Temporary File
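The three local-attacker advisories above (the ONNX cache under /tmp, the `ApplicationPidFileWriter` symlink, and the `ApplicationTemp` takeover) share two controls: a working directory that is created atomically with owner-only permissions and verified before reuse, and a file write that cannot be redirected through a symlink planted at a predictable path. The following is an added example written for this page, not Spring Boot's own code; it assumes a POSIX file system and uses a placeholder application name.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.nio.file.attribute.UserPrincipal;
import java.util.EnumSet;
import java.util.Set;

// Added example, not Spring Boot code. Assumes a POSIX file system.
public final class SafeLocalFiles {

    private static final Set<PosixFilePermission> OWNER_ONLY =
            EnumSet.of(PosixFilePermission.OWNER_READ,
                       PosixFilePermission.OWNER_WRITE,
                       PosixFilePermission.OWNER_EXECUTE);

    // Create, or reuse after verification, a per-user, per-application directory
    // under java.io.tmpdir. Reuse is refused if the path is a symlink, is owned by
    // someone else, or is group/world accessible (an attacker may have pre-created it).
    public static Path privateWorkDir(String appName) throws IOException {
        String user = System.getProperty("user.name");
        Path dir = Paths.get(System.getProperty("java.io.tmpdir")).resolve(appName + "-" + user);
        try {
            // Atomic create with mode 0700; fails if anything already exists at the path.
            Files.createDirectory(dir, PosixFilePermissions.asFileAttribute(OWNER_ONLY));
        } catch (FileAlreadyExistsException existing) {
            if (Files.isSymbolicLink(dir) || !Files.isDirectory(dir, LinkOption.NOFOLLOW_LINKS)) {
                throw new IOException("not a plain directory: " + dir);
            }
            UserPrincipal me = dir.getFileSystem().getUserPrincipalLookupService()
                                  .lookupPrincipalByName(user);
            if (!me.equals(Files.getOwner(dir, LinkOption.NOFOLLOW_LINKS))) {
                throw new IOException("owned by another user: " + dir);
            }
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(dir, LinkOption.NOFOLLOW_LINKS);
            if (!OWNER_ONLY.containsAll(perms)) {
                throw new IOException("group/world accessible ("
                        + PosixFilePermissions.toString(perms) + "): " + dir);
            }
        }
        return dir;
    }

    // Write the PID with O_NOFOLLOW semantics: LinkOption.NOFOLLOW_LINKS is also an
    // OpenOption, so if a symlink sits at pidFile the open itself fails instead of
    // truncating whatever the link points at. There is no check-then-act window to race.
    public static void writePidFile(Path pidFile) throws IOException {
        byte[] pid = (ProcessHandle.current().pid() + "\n").getBytes(StandardCharsets.US_ASCII);
        Files.write(pidFile, pid,
                StandardOpenOption.CREATE, StandardOpenOption.WRITE,
                StandardOpenOption.TRUNCATE_EXISTING, LinkOption.NOFOLLOW_LINKS);
    }

    public static void main(String[] args) throws IOException {
        Path work = privateWorkDir("demo-app");
        writePidFile(work.resolve("application.pid"));
        System.out.println("work dir " + work + " perms "
                + PosixFilePermissions.toString(Files.getPosixFilePermissions(work)));

        // Constructed attack: a symlink at the PID path pointing at a file that must not be clobbered.
        Path victim = work.resolve("victim.txt");
        Files.writeString(victim, "do not truncate me\n");
        Path planted = work.resolve("planted.pid");
        Files.createSymbolicLink(planted, victim);
        try {
            writePidFile(planted);
            System.out.println("UNEXPECTED: symlink was followed");
        } catch (IOException refused) {
            System.out.println("refused symlinked PID path: " + refused.getClass().getSimpleName());
        }
        System.out.println("victim intact: " + Files.readString(victim).startsWith("do not"));
    }
}
```

The same ownership and permission check belongs in front of any cache that lives under a shared temp directory, such as the ONNX model cache from CVE-2026-40979; the cheapest mitigation for all three advisories is still to point `java.io.tmpdir`, the PID file and any model cache at a directory the deployment creates for the service user.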

Spring Boot 2.7-4.0 DevTools Remote Secret Timing Attack (RCE in Extreme Cases)
CVE-2026-40972 7.5 - High - April 27, 2026

An attacker on the same network as the remote application may be able to use a timing attack to discover information about the DevTools remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code execution in the remote application. Affected: Spring Boot 4.0.0 - 4.0.5 (fixed in 4.0.6), 3.5.0 - 3.5.13 (fixed in 3.5.14), 3.4.0 - 3.4.15 (fixed in 3.4.16), 3.3.0 - 3.3.18 (fixed in 3.3.19), 2.7.0 - 2.7.32 (fixed in 2.7.33). The weakness is the comparison of the presented secret against the configured one. Versions that are no longer supported are also affected per the vendor advisory.

Observable Timing Discrepancy
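The DevTools secret advisory and the `${random.value}` advisory above are the two halves of one requirement: a shared secret has to be generated from a CSPRNG, and the server-side check of a presented secret must take the same time whether the first byte or the last byte is wrong. The following is an added example written for this page, not Spring Boot's own code; the class name, the 256-bit length and the hash-then-compare construction are the author's choices.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;

// Added example, not Spring Boot code.
public final class RemoteSecret {

    private static final SecureRandom RNG = new SecureRandom();

    // 256 bits from SecureRandom, URL-safe base64. java.util.Random is seeded from
    // a small state and must not be used here; ${random.int}/${random.long} have a
    // tiny range besides, which is what the advisory warns about.
    public static String generate() {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // What a naive check looks like: String.equals returns at the first differing
    // char, so an attacker measuring response time can recover the secret byte by byte.
    public static boolean matchesNaive(String expected, String presented) {
        return expected.equals(presented);
    }

    // Constant-time check. Both inputs are hashed to a fixed 32-byte length first,
    // so neither the position of the first mismatch nor the length of the presented
    // value influences how long the comparison takes. MessageDigest.isEqual compares
    // every byte of equal-length arrays before answering.
    public static boolean matches(String expected, String presented) {
        if (expected == null || presented == null) {
            return false;
        }
        return MessageDigest.isEqual(sha256(expected), sha256(presented));
    }

    private static byte[] sha256(String s) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("SHA-256 is mandatory in every JRE", e);
        }
    }

    public static void main(String[] args) {
        String secret = generate();
        System.out.println("secret: " + secret);
        System.out.println("correct secret accepted: " + matches(secret, secret));
        System.out.println("wrong secret rejected:   " + matches(secret, secret.substring(1) + "x"));
        System.out.println("short guess rejected:    " + matches(secret, "a"));
    }
}
```

Hashing before comparing is the usual way to hide a length difference as well as the mismatch position; `MessageDigest.isEqual` alone returns immediately when the two arrays differ in length.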

Spring Boot 4.0.0-4.0.5 / 3.5.0-3.5.13 RabbitMQ SSL Hostname Verification Bypass
CVE-2026-40971 5 - Medium - April 27, 2026

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0 - 4.0.5 (fixed in 4.0.6), 3.5.0 - 3.5.13 (fixed in 3.5.14) per the vendor advisory.

Improper Certificate Validation

Spring Boot 4.0.0-4.0.5: Omitted Hostname Verification in Elasticsearch SSL Auto-Configuration
CVE-2026-40970 5 - Medium - April 27, 2026

When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0 - 4.0.5; upgrade to 4.0.6 or later per the vendor advisory.

Improper Certificate Validation
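The three SSL-bundle advisories above (Cassandra, RabbitMQ, Elasticsearch) are the same JSSE fact: validating the certificate chain says nothing about which host the certificate was issued to, and an `SSLEngine` or `SSLSocket` only compares the certificate's name with the target host when an endpoint identification algorithm is set. The following is an added example written for this page, not Spring Boot or driver code; the host name and port are placeholders and nothing connects.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

// Added example, not Spring Boot or driver code.
public final class HostnameVerification {

    // True only if a handshake on these parameters would reject a valid certificate
    // issued to a different host. Useful as a start-up self-check on whatever
    // SSLEngine/SSLSocket a client library hands back.
    public static boolean verifiesHostname(SSLParameters params) {
        String alg = params.getEndpointIdentificationAlgorithm();
        return alg != null && !alg.isEmpty();
    }

    // Client engine with RFC 2818-style hostname verification enabled.
    public static SSLEngine hardenedClientEngine(SSLContext ctx, String host, int port) {
        SSLEngine engine = ctx.createSSLEngine(host, port);  // host must be the peer's expected name
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        engine.setSSLParameters(params);
        return engine;
    }

    // Same knob on a socket-based client.
    public static void enableHostnameVerification(SSLSocket socket) {
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();

        // Default JSSE engine: the chain is validated, but its name is not.
        SSLEngine plain = ctx.createSSLEngine("cassandra.internal.example", 9042);
        plain.setUseClientMode(true);
        System.out.println("default engine verifies hostname:  " + verifiesHostname(plain.getSSLParameters()));

        SSLEngine hardened = hardenedClientEngine(ctx, "cassandra.internal.example", 9042);
        System.out.println("hardened engine verifies hostname: " + verifiesHostname(hardened.getSSLParameters()));

        // Unconnected socket, to show the same setting on SSLSocket.
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket();
        System.out.println("default socket verifies hostname:  " + verifiesHostname(socket.getSSLParameters()));
        enableHostnameVerification(socket);
        System.out.println("hardened socket verifies hostname: " + verifiesHostname(socket.getSSLParameters()));
        socket.close();
    }
}
```

In the affected integrations the switch is usually exposed by the client library rather than set on JSSE directly, for example `ConnectionFactory#enableHostnameVerification()` in the RabbitMQ Java client; after upgrading, confirm with a certificate issued to a different name that the connection is actually refused.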

Spring Security 7.0.0-7.0.4: Authorization Bypass via servlet-path in <sec:intercept-url>
CVE-2026-22754 7.5 - High - April 22, 2026

Vulnerability in Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass. This issue affects Spring Security: from 7.0.0 through 7.0.4.

Authorization

Spring Security 7.0.0-7.0.4 Matcher Security Bypass
CVE-2026-22753 7.5 - High - April 22, 2026

Vulnerability in Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the application. This can lead to the authentication, authorization, and other security controls being rendered inactive on intended requests. This issue affects Spring Security: from 7.0.0 through 7.0.4.

Protection Mechanism Failure

Spring Security 6/7 JWT Decoder Missing Token Validator (CVE-2026-22748)
CVE-2026-22748 5.3 - Medium - April 22, 2026

Vulnerability in Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator<Jwt> separately, for example by calling setJwtValidator; otherwise claims such as the issuer are not checked. This issue affects Spring Security: from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.9, from 7.0.0 through 7.0.4.

Improper Input Validation
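What the advisory above asks for, as an added example written for this page rather than Spring Security's own code: the decoder built from the JWK set URI verifies the signature, and the application is responsible for attaching the claim validators it relies on. It assumes spring-security-oauth2-jose on the classpath; jwkSetUri, issuer and audience are placeholders.

```java
import java.util.List;

import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

// Added example, not Spring Security code. Assumes spring-security-oauth2-jose.
public final class JwtDecoderConfig {

    // Expose this from a @Bean method of type JwtDecoder in a real application.
    public static NimbusJwtDecoder decoder(String jwkSetUri, String issuer, String audience) {
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(jwkSetUri).build();

        // Timestamp (exp/nbf with clock skew) and issuer checks come from the
        // default set; the audience check is not part of it and is added explicitly.
        OAuth2TokenValidator<Jwt> defaults = JwtValidators.createDefaultWithIssuer(issuer);
        OAuth2TokenValidator<Jwt> aud = new JwtClaimValidator<List<String>>(
                "aud", a -> a != null && a.contains(audience));

        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(defaults, aud));
        return decoder;
    }
}
```

A unit test that feeds `decoder.decode(token)` a signed token with the wrong `iss` or `aud` and expects a `JwtValidationException` is the cheapest way to notice that a decoder was wired without validators.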

Spring Security 7.0.0-7.0.4 SubjectX500PrincipalExtractor X.509 CN Mishandling Allows Impersonation
CVE-2026-22747 6.8 - Medium - April 22, 2026

Vulnerability in Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. With a carefully crafted certificate, this can lead to an attacker impersonating another user. This issue affects Spring Security: from 7.0.0 through 7.0.4.

Improper Validation of Certificate with Host Mismatch
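The advisory above does not say which malformation is involved, so the following is only an illustration of the general failure mode: a username extractor that scans the subject DN as text can be steered by a DN whose other attribute values contain escaped separators, whereas parsing the DN into RDNs with `javax.naming.ldap.LdapName` reads the real CN. Added example written for this page, not Spring Security code; the DN is constructed for the demonstration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

// Added example, not Spring Security code.
public final class SubjectCn {

    // Text-scanning extractor: whatever follows the first "CN=" up to the next comma.
    private static final Pattern NAIVE = Pattern.compile("CN=([^,]+)", Pattern.CASE_INSENSITIVE);

    public static String naiveCn(String rfc2253Dn) {
        Matcher m = NAIVE.matcher(rfc2253Dn);
        return m.find() ? m.group(1).trim() : null;
    }

    // RDN-based extractor: escaped commas inside other values are not split, only a
    // CN attribute counts, and a DN with more than one CN is rejected outright.
    public static String parsedCn(X500Principal subject) throws InvalidNameException {
        LdapName name = new LdapName(subject.getName(X500Principal.RFC2253));
        String cn = null;
        for (Rdn rdn : name.getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                if (cn != null) {
                    throw new InvalidNameException("subject has more than one CN");
                }
                cn = rdn.getValue().toString();
            }
        }
        return cn;
    }

    public static void main(String[] args) throws Exception {
        // Constructed subject: the OU value contains an escaped comma followed by
        // text that looks like a CN attribute. The real CN is "alice".
        X500Principal crafted = new X500Principal("OU=svc\\,CN=admin,CN=alice,O=Example");
        String dn = crafted.getName(X500Principal.RFC2253);
        System.out.println("subject : " + dn);
        System.out.println("naive   : " + naiveCn(dn));      // admin (wrong user)
        System.out.println("parsed  : " + parsedCn(crafted)); // alice
    }
}
```

If the certificate subject is the only thing mapped to a username, also pin the issuer (a mutual-TLS trust store containing exactly the CA that is allowed to vouch for users), since any parser is only as trustworthy as the CA that signed the DN.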

Spring Security 5.7-7.0 DAO Auth Timing Attack Bypass via Disabled/Locked
CVE-2026-22746 3.7 - Low - April 22, 2026

Vulnerability in Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, or locked. This issue affects Spring Security: from 5.7.0 through 5.7.22, from 5.8.0 through 5.8.24, from 6.3.0 through 6.3.15, from 6.5.0 through 6.5.9, from 7.0.0 through 7.0.4.

Observable Timing Discrepancy

Spring Security 6.4.0-6.4.15 / 6.5.0-6.5.9 / 7.0.0-7.0.4 TOCTOU Race in JdbcOneTimeTokenService
CVE-2026-22751 4.8 - Medium - April 21, 2026

Vulnerability in Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a time-of-check time-of-use (TOCTOU) race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0.0 through 7.0.4.

TOCTTOU

Spring Cloud Gateway SSL Bundle Config Ignored (CVE-2026-22750)
CVE-2026-22750 7.5 - High - April 10, 2026

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: the 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0 available on Maven Central (https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/). Ideally, if you are not an enterprise customer, you should be upgrading to 5.0.2 or 5.1.1, which are the current supported open source releases.

External Control of System or Configuration Setting

Spring AI redis-store TAG Injection via RedisFilterExpressionConverter (before 1.0.5 / 1.1.4)
CVE-2026-22744 7.5 - High - March 27, 2026

In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping characters. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

Neo4jVectorFilterExpressionConverter Cypher Injection in SpringAI Neo4j Store <1.0.5 & <1.1.4
CVE-2026-22743 7.5 - High - March 27, 2026

Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key, doKey() embeds the key into a backtick-delimited Cypher property accessor (node.`metadata.`) after stripping only double quotes, without escaping embedded backticks. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

SQL Injection

Spring AI spring-ai-bedrock-converse SSRF in BedrockProxyChatModel pre-1.1.4
CVE-2026-22742 8.6 - High - March 27, 2026

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests to unintended internal or external destinations. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

Spring AI SpEL Injection via SimpleVectorStore (1.0.0-1.0.4, 1.1.0-1.1.3)
CVE-2026-22738 9.8 - Critical - March 27, 2026

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and pass user-supplied input as a filter expression key are affected. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

Spring Cloud Config Server Path Traversal via Profile Parameter (before 3.1.13/4.1.9/4.2.3/4.3.2/5.0.2)
CVE-2026-22739 8.6 - High - March 24, 2026

Vulnerability in Spring Cloud when substituting the profile parameter from a request made to a Spring Cloud Config Server configured with the native file system as a backend: it was possible to access files outside of the configured search directories. This issue affects Spring Cloud: from 3.1.X before 3.1.13, from 4.1.X before 4.1.9, from 4.2.X before 4.2.3, from 4.3.X before 4.3.2, from 5.0.X before 5.0.2.

Directory traversal

Spring Framework 5.3.0-7.0.5 Path Traversal via Script Template Views
CVE-2026-22737 5.9 - Medium - March 19, 2026

Use of Java scripting engine (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.

Directory traversal

Spring MVC/WebFlux SSE Stream Corruption for v5.3-7.0.5
CVE-2026-22735 2.6 - Low - March 19, 2026

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.

Improper Locking

Spring Boot 2.7-4.0.3 Auth Bypass via CloudFoundry Actuator Path (CVE-2026-22733)
CVE-2026-22733 8.2 - High - March 19, 2026

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Boot: from 4.0.0 through 4.0.3, from 3.5.0 through 3.5.11, from 3.4.0 through 3.4.14, from 3.3.0 through 3.3.17, from 2.7.0 through 2.7.31.

Authentication Bypass Using an Alternate Path or Channel

Spring Security HTTP Header Write Failure before 7.0.4
CVE-2026-22732 9.1 - Critical - March 19, 2026

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP headers will not be written. This issue affects Spring Security servlet applications using lazy (default) writing of HTTP headers: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3.

forced browsing

Auth Bypass in Spring Boot Actuator Health Group Additional Path (before 4.0.3 / 3.5.11 / 3.4.15)
CVE-2026-22731 8.2 - High - March 19, 2026

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before 4.0.3, from 3.5 before 3.5.11, from 3.4 before 3.4.15. This CVE is similar but not equivalent to CVE-2026-22733, as the conditions for exploit and vulnerable versions are different.

Authentication Bypass Using an Alternate Path or Channel

JSONPath Injection in Spring AI AbstractFilterExpressionConverter
CVE-2026-22729 8.6 - High - March 18, 2026

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is concatenated into JSONPath queries without proper escaping, enabling attackers to inject arbitrary JSONPath logic and access unauthorized documents. This vulnerability affects applications using vector stores that extend AbstractFilterExpressionConverter for multi-tenant isolation, role-based access control, or document filtering based on metadata. The vulnerability occurs when user-supplied values in filter expressions are not escaped before being inserted into JSONPath queries. Special characters like ", ||, and && are passed through unescaped, allowing injection of arbitrary JSONPath logic that can alter the intended query semantics.

EL Injection

SQLi in Spring AI's MariaDBFilterExpressionConverter Bypass Metadata Controls
CVE-2026-22730 8.8 - High - March 18, 2026

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization.

SQL Injection
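The filter-converter advisories on this page (CVE-2026-40967, CVE-2026-22744, CVE-2026-22743, CVE-2026-22738, CVE-2026-22729, CVE-2026-22730, and the conversationId variant in CVE-2026-40966) are one bug: a metadata filter is rendered into a store query language by string concatenation, so a value or key that carries query syntax rewrites the predicate. The following is an added example written for this page, not Spring AI code. It models the pattern on a JSONPath-style predicate with a deliberately vulnerable renderer beside a hardened one that allowlists keys and escapes values as string literals; the payloads are constructed.

```java
import java.util.regex.Pattern;

// Added example, not Spring AI code. Names and the JSONPath-style syntax are the author's.
public final class MetadataFilterRenderer {

    // Metadata keys are identifiers chosen by the application, never free text.
    private static final Pattern KEY = Pattern.compile("[A-Za-z_][A-Za-z0-9_]{0,63}");
    // Conversation ids: opaque tokens, so a tight character class is enough.
    private static final Pattern CONVERSATION_ID = Pattern.compile("[A-Za-z0-9-]{1,64}");

    // Vulnerable: key and value are dropped straight into the query text.
    public static String vulnerable(String key, String value) {
        return "$[?(@.metadata." + key + " == '" + value + "')]";
    }

    // Hardened: key must match the identifier allowlist; value becomes a quoted literal.
    public static String hardened(String key, String value) {
        if (!KEY.matcher(key).matches()) {
            throw new IllegalArgumentException("illegal metadata key: " + key);
        }
        return "$[?(@.metadata." + key + " == '" + escapeLiteral(value) + "')]";
    }

    // Conversation scoping for a chat-memory advisor: the requested id is validated,
    // then bound to the authenticated user, so one user cannot name another's memory.
    public static String conversationFilter(String authenticatedUserId, String requestedConversationId) {
        if (!CONVERSATION_ID.matcher(requestedConversationId).matches()) {
            throw new IllegalArgumentException("illegal conversation id");
        }
        return hardened("conversationId", authenticatedUserId + ":" + requestedConversationId);
    }

    // Escape for a single-quoted string literal: backslash, quote and line breaks.
    static String escapeLiteral(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 8);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\\\"); break;
                case '\'': sb.append("\\'"); break;
                case '\n': sb.append("\\n"); break;
                case '\r': sb.append("\\r"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed value payload: closes the literal and ORs in a predicate that is always true.
        String tenant = "acme' || @.metadata.tenant != 'acme";
        System.out.println(vulnerable("tenant", tenant));
        // $[?(@.metadata.tenant == 'acme' || @.metadata.tenant != 'acme')]   -> every document
        System.out.println(hardened("tenant", tenant));
        // $[?(@.metadata.tenant == 'acme\' || @.metadata.tenant != \'acme')] -> one literal string

        // Constructed key payload: smuggles a second predicate through the key position.
        String key = "tenant == 'x' || @.metadata.role";
        System.out.println(vulnerable(key, "admin"));
        try {
            hardened(key, "admin");
        } catch (IllegalArgumentException rejected) {
            System.out.println("rejected: " + rejected.getMessage());
        }

        System.out.println(conversationFilter("user-42", "session-7"));
        try {
            conversationFilter("user-42", "session-7' || @.metadata.conversationId != '");
        } catch (IllegalArgumentException rejected) {
            System.out.println("rejected: " + rejected.getMessage());
        }
    }
}
```

Escaping is the fallback for query languages that have no parameter mechanism; where the store supports bound parameters (Cosmos DB SQL for the document ids in CVE-2026-40978, Cypher parameters for Neo4j, prepared statements for MariaDB), pass values as parameters and keep only allowlisted identifiers in the query text.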

Command Injection in VSCode Spring CLI Extension
CVE-2026-22718 6.8 - Medium - January 14, 2026

The VSCode extension for Spring CLI is vulnerable to command injection, resulting in command execution on the user's machine.

Shell injection

Spring Framework STOMP/WebSocket Security Bypass (5.3.x - 6.2.x)
CVE-2025-41254 4.3 - Medium - October 16, 2025

STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages.

Affected Spring Products and Versions (Spring Framework):
* 6.2.0 - 6.2.11
* 6.1.0 - 6.1.23
* 6.0.x - 6.0.29
* 5.3.0 - 5.3.45
* Older, unsupported versions are also affected.

Mitigation: users of affected versions should upgrade to the corresponding fixed version.

Affected version(s)  Fix version  Availability
6.2.x                6.2.12       OSS
6.1.x                6.1.24       Commercial (https://enterprise.spring.io/)
6.0.x                N/A          Out of support (https://spring.io/projects/spring-framework#support)
5.3.x                5.3.46       Commercial (https://enterprise.spring.io/)

No further mitigation steps are necessary.

Credit: this vulnerability was discovered and responsibly reported by Jannis Kaiser.

Session Riding

Spring Cloud Gateway Webflux Exposes Env Vars via SpEL
CVE-2025-41253 7.5 - High - October 16, 2025

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true:
* The application is using Spring Cloud Gateway Server Webflux (Spring Cloud Gateway Server WebMVC is not vulnerable).
* An admin or untrusted third party uses Spring Expression Language (SpEL) to access environment variables or system properties via routes.
* An untrusted third party could create a route that uses SpEL to access environment variables or system properties if:
  * The Spring Cloud Gateway Server Webflux actuator web endpoint is enabled via management.endpoints.web.exposure.include=gateway and management.endpoint.gateway.enabled=true or management.endpoint.gateway.access=unrestricted.
  * The actuator endpoints are available to attackers.
  * The actuator endpoints are unsecured.

EL Injection

Spring Framework Generic Annotation Detection Flaw in @EnableMethodSecurity
CVE-2025-41249 7.5 - High - September 16, 2025

The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by this if you are using Spring Security's @EnableMethodSecurity feature. You are not affected if you are not using @EnableMethodSecurity, or if you do not use security annotations on methods in generic superclasses or generic interfaces. This CVE is published in conjunction with CVE-2025-41248 (https://spring.io/security/cve-2025-41248).

AuthZ

Spring MVC Path Traversal on Non-Compliant Servlet Containers (CVE-2025-41242)
CVE-2025-41242 5.9 - Medium - August 18, 2025

Spring Framework MVC applications can be vulnerable to a Path Traversal Vulnerability when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true:
* the application is deployed as a WAR or with an embedded Servlet container
* the Servlet container does not reject suspicious sequences (https://jakarta.ee/specifications/servlet/6.1/jakarta-servlet-spec-6.1.html#uri-path-canonicalization)
* the application serves static resources (https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-config/static-resources.html#page-title) with Spring resource handling
We have verified that applications deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, as long as default security features are not disabled in the configuration. Because we cannot check exploits against all Servlet containers and configuration variants, we strongly recommend upgrading your application.

Directory traversal

Spring Framework 6.x Reflected File Download via ContentDisposition.Builder#filename(String, Charset)
CVE-2025-41234 - June 12, 2025

In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a Content-Disposition header with a non-ASCII charset, where the filename attribute is derived from user-supplied input. Specifically, an application is vulnerable when all the following are true:
* The header is prepared with org.springframework.http.ContentDisposition.
* The filename is set via ContentDisposition.Builder#filename(String, Charset).
* The value for the filename is derived from user-supplied input.
* The application does not sanitize the user-supplied input.
* The downloaded content of the response is injected with malicious commands by the attacker (see RFD paper reference for details).

An application is not vulnerable if any of the following is true:
* The application does not set a Content-Disposition response header.
* The header is not prepared with org.springframework.http.ContentDisposition.
* The filename is set via ContentDisposition.Builder#filename(String) or ContentDisposition.Builder#filename(String, ASCII).
* The filename is not derived from user-supplied input.
* The filename is derived from user-supplied input but sanitized by the application.
* The attacker cannot inject malicious content in the downloaded content of the response.

Affected Spring Products and Versions (Spring Framework):
* 6.2.0 - 6.2.7
* 6.1.0 - 6.1.20
* 6.0.5 - 6.0.28
* Older, unsupported versions are not affected.

Mitigation: users of affected versions should upgrade to the corresponding fixed version.

Affected version(s)  Fix version  Availability
6.2.x                6.2.8        OSS
6.1.x                6.1.21       OSS
6.0.x                6.0.29       Commercial (https://enterprise.spring.io/)

No further mitigation steps are necessary.

CWE-113 in `Content-Disposition` handling in VMware Spring Framework versions 6.0.5 to 6.2.7 allows remote attackers to launch Reflected File Download (RFD) attacks via unsanitized user input in `ContentDisposition.Builder#filename(String, Charset)` with non-ASCII charsets.

Spring Framework <=6.2.6 – Bind Bypass via disallowedFields
CVE-2025-22233 - May 16, 2025

CVE-2024-38820 ensured Locale-independent, lowercase conversion for both the configured disallowedFields patterns and for request parameter names. However, there are still cases where it is possible to bypass the disallowedFields checks.

Affected Spring Products and Versions (Spring Framework):
* 6.2.0 - 6.2.6
* 6.1.0 - 6.1.19
* 6.0.0 - 6.0.27
* 5.3.0 - 5.3.42
* Older, unsupported versions are also affected.

Mitigation: users of affected versions should upgrade to the corresponding fixed version.

Affected version(s)  Fix version  Availability
6.2.x                6.2.7        OSS
6.1.x                6.1.20       OSS
6.0.x                6.0.28       Commercial (https://enterprise.spring.io/)
5.3.x                5.3.43       Commercial (https://enterprise.spring.io/)

No further mitigation steps are necessary. Generally, we recommend using a dedicated model object with properties only for data binding, or using constructor binding, since constructor arguments explicitly declare what to bind, together with turning off setter binding through the declarativeBinding flag. See the Model Design section in the reference documentation. For setter binding, prefer the use of allowedFields (an explicit list) over disallowedFields.

Credit: this issue was responsibly reported by the TERASOLUNA Framework Development Team from NTT DATA Group Corporation.

Spring Framework Path Traversal Vulnerability in WebMvc.fn and WebFlux.fn
CVE-2024-38819 - December 19, 2024

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
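The four path-traversal entries on this page (the Config Server profile parameter in CVE-2026-22739, script template views in CVE-2026-22737, non-compliant Servlet containers in CVE-2025-41242, and WebMvc.fn/WebFlux.fn here) all come down to one check: canonicalise the requested path against the resource root and refuse anything that does not stay inside it, including symlinks that point out. The following is an added example written for this page, not Spring's resource-handling code; it builds its own temporary root and test files, which are constructed for the demonstration.

```java
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

// Added example, not Spring code.
public final class StaticResourceResolver {

    private final Path root;

    public StaticResourceResolver(Path root) throws IOException {
        this.root = root.toRealPath();  // canonical root: symlinks and ".." resolved once, up front
    }

    // Returns the file to serve, or null if the request does not map to a regular
    // file strictly inside the root. Two checks are needed: a lexical one after
    // normalisation catches "../", and a real-path one catches symlinks that live
    // inside the root but point outside it.
    public Path resolve(String requestPath) throws IOException {
        String decoded = URLDecoder.decode(requestPath, StandardCharsets.UTF_8);
        // Containers disagree on NUL and backslash handling; refuse rather than guess.
        if (decoded.indexOf('\0') >= 0 || decoded.contains("\\")) {
            return null;
        }
        Path candidate = root.resolve(decoded.replaceFirst("^/+", "")).normalize();
        if (!candidate.startsWith(root)) {
            return null;                          // escaped lexically ("../")
        }
        if (!Files.isRegularFile(candidate)) {
            return null;                          // missing, directory, device, ...
        }
        Path real = candidate.toRealPath();       // follows symlinks
        if (!real.startsWith(root)) {
            return null;                          // symlink inside root pointing outside
        }
        return real;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: a root with one page, a file outside the root, and a
        // symlink inside the root that points at the outside file.
        Path root = Files.createTempDirectory("static-root");
        Files.writeString(root.resolve("index.html"), "<h1>ok</h1>\n");
        Path outside = Files.createTempFile("outside", ".txt");
        Files.writeString(outside, "not for you\n");
        Files.createSymbolicLink(root.resolve("link.txt"), outside);

        StaticResourceResolver r = new StaticResourceResolver(root);
        System.out.println("/index.html              -> " + r.resolve("/index.html"));
        System.out.println("/../" + outside.getFileName() + " -> "
                + r.resolve("/../" + outside.getFileName()));          // null
        System.out.println("/%2e%2e/%2e%2e/etc/passwd -> " + r.resolve("/%2e%2e/%2e%2e/etc/passwd")); // null
        System.out.println("/link.txt                -> " + r.resolve("/link.txt"));                 // null
    }
}
```

Decoding exactly once matters: a container that decodes the path before handing it to the application, followed by a second decode here, would turn `%252e%252e` into `..` after the lexical check has already run, which is the class of mismatch CVE-2025-41242 describes between Spring and a non-compliant container.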

Spring Framework DataBinder Locale-based Case-Insensitive Bypass
CVE-2024-38820 5.3 - Medium - October 18, 2024

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase() has some Locale dependent exceptions that could potentially result in fields not protected as expected.

Spring Framework 5.3.0-5.3.38 DoS via SpEL Expr
CVE-2024-38808 - August 20, 2024

In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition. Specifically, an application is vulnerable when the following is true:
* The application evaluates user-supplied SpEL expressions.

Spring URI Builder Open Redirect / SSRF
CVE-2024-22262 - April 16, 2024

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22259 (https://spring.io/security/cve-2024-22259) and CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.

Spring Framework External URL Redirect & SSRF Vulnerability (CVE-2024-22259)
CVE-2024-22259 - March 16, 2024

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 (https://spring.io/security/cve-2024-22243), but with different input.

Spring MVC DoS in Spring Framework 6.0.15 & 6.1.2 (Spring Security)
CVE-2024-22233 7.5 - High - January 22, 2024

In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true:
* the application uses Spring MVC
* Spring Security 6.1.6+ or 6.2.1+ is on the classpath
Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.

Spring Framework CVE-2023-34053: DoS via ObservationRegistry (6.0.0-6.0.13)
CVE-2023-34053 7.5 - High - November 28, 2023

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true:
* the application uses Spring MVC or Spring WebFlux
* io.micrometer:micrometer-core is on the classpath
* an ObservationRegistry is configured in the application to record observations
Typically, Spring Boot applications need the org.springframework.boot:spring-boot-actuator dependency to meet all conditions.

Spring Framework DoS via crafted SpEL expression (pre-5.2.24, 5.3.27, 6.0.8)
CVE-2023-20863 6.5 - Medium - April 13, 2023

In Spring Framework versions prior to 5.2.24, 5.3.27 and 6.0.8, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial-of-service (DoS) condition.

EL Injection

Spring Framework 5.3.0-5.3.25 / 6.0.0-6.0.6 '**' Pattern Mismatch Bypass with mvcRequestMatcher
CVE-2023-20860 7.5 - High - March 27, 2023

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass.
