spring

Top products

The 15 most recently published vulnerabilities affecting spring.

• CVE-2026-47825Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations8.6Jun 15, 2026
• CVE-2026-41708Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability7.5Jun 15, 2026
• CVE-2026-47835Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores8.6Jun 15, 2026
• CVE-2026-41856Spring GraphQL Annotation Detection Vulnerability7.5Jun 11, 2026
• CVE-2026-41700Cross-Site WebSocket Hijacking in Spring for GraphQL8.1Jun 11, 2026
• CVE-2026-41699Unsafe Deserialization in Spring GraphQL8.1Jun 11, 2026
• CVE-2026-41001Predictable Temp Directory in Artemis Auto-configuration5.3Jun 11, 2026
• CVE-2026-41000WSS4J validation does not use configured replay cache3.7Jun 11, 2026
• CVE-2026-40999Spring WS SSRF via unvalidated WS-Addressing reply destinations8.6Jun 11, 2026
• CVE-2026-40998Jaxp13 XPath XXE via StreamSource and SAXSource8.2Jun 11, 2026
• CVE-2026-40997SOAP security faults leak Spring Security account state5.3Jun 11, 2026
• CVE-2026-40996Inbound WS-Security allows RSA PKCS#1 v1.5 key transport by default4.8Jun 11, 2026
• CVE-2026-40995X.509 authentication bypasses Spring Security account checks5.4Jun 11, 2026
• CVE-2026-40994Wss4jSecurityInterceptor disables WS-I BSP validation by default8.2Jun 11, 2026
• CVE-2026-40992Mail Auto-Configuration Does Not Enable SSL Hostname Verification5.0Jun 11, 2026