CVE Tools
Sign in

CVE-2026-40973

Published: Apr 27, 2026Updated: Apr 30, 2026 Sources: CVE List NVDCWE-377
NVD MITRE
7.0CVSSHIGH
EPSS Score
0.1%
Top 97.4%
CISA KEV
Not in KEV
Exploits
No Known Exploits
Remediation
Patch Available

Description

A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is set to `true` and the attack persists across application restarts, this may allow the attacker to read session information and hijack authenticated users or deploy a gadget chain and execute code as the application's user. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); predictable temp directory / `ApplicationTemp` ownership verification. Versions that are no longer supported are also affected per vendor advisory.

CVSS Vector Breakdown

AV:LAC:HPR:LUI:NS:UC:HI:HA:H
Exploitability
AV:LAttack Vector
Local
AC:HAttack Complexity
High
PR:LPrivileges Required
Low
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:HIntegrity
High
A:HAvailability
High
Open in CVSS calculator →

Weaknesses

CWE-377

Affected Products

spring bootvmware
On-prem
Cloud & SaaS / virtualization
Spring BootSpringOSS Libraries
vmwarecommercialUSCloud & SaaSaka vmware inc
springoss-projectOSS Librariesaka spring framework, spring boot, spring security

Exploitability

Official Patch Available

References

https://spring.io/security/cve-2026-40973
spring.io

Timeline

Published
Apr 27, 2026
Last Updated
Apr 30, 2026

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2026-40973 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows