Vulnerability-Lookup

WID-SEC-W-2026-1263

Vulnerability from csaf_certbund - Published: 2026-04-23 22:00 - Updated: 2026-06-02 22:00

Summary

VMware Tanzu Spring Boot: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Spring Boot ist ein Framework zur Entwicklung von Java Anwendungen. Spring Boot basiert auf dem Spring Framework.

Angriff: Ein Angreifer kann mehrere Schwachstellen in VMware Tanzu Spring Boot ausnutzen, um beliebigen Programmcode auszuführen, Sicherheitsmaßnahmen zu umgehen, vertrauliche Daten zu manipulieren oder offenzulegen oder authentifizierte Benutzer zu kapern.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2026-40970

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Apache Camel for Spring Boot Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_for_spring_boot`	Apache Camel for Spring Boot
Red Hat OpenShift Dev Spaces <3.28.0 Red Hat / OpenShift		Dev Spaces <3.28.0
VMware Tanzu Spring Boot <3.5.14 VMware Tanzu / Spring Boot		<3.5.14
HCL Commerce 9.1.0-9.1.19.0 HCL / Commerce	`cpe:/a:hcltechsw:commerce:9.1.0_-_9.1.19.0`	9.1.0-9.1.19.0
VMware Tanzu Spring Boot <4.0.6 VMware Tanzu / Spring Boot		<4.0.6

CVE-2026-40971

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Apache Camel for Spring Boot Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_for_spring_boot`	Apache Camel for Spring Boot
Red Hat OpenShift Dev Spaces <3.28.0 Red Hat / OpenShift		Dev Spaces <3.28.0
VMware Tanzu Spring Boot <3.5.14 VMware Tanzu / Spring Boot		<3.5.14
HCL Commerce 9.1.0-9.1.19.0 HCL / Commerce	`cpe:/a:hcltechsw:commerce:9.1.0_-_9.1.19.0`	9.1.0-9.1.19.0
VMware Tanzu Spring Boot <4.0.6 VMware Tanzu / Spring Boot		<4.0.6

CVE-2026-40972

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Apache Camel for Spring Boot Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_for_spring_boot`	Apache Camel for Spring Boot
Red Hat OpenShift Dev Spaces <3.28.0 Red Hat / OpenShift		Dev Spaces <3.28.0
VMware Tanzu Spring Boot <3.5.14 VMware Tanzu / Spring Boot		<3.5.14
HCL Commerce 9.1.0-9.1.19.0 HCL / Commerce	`cpe:/a:hcltechsw:commerce:9.1.0_-_9.1.19.0`	9.1.0-9.1.19.0
VMware Tanzu Spring Boot <4.0.6 VMware Tanzu / Spring Boot		<4.0.6

CVE-2026-40973

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Apache Camel for Spring Boot Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_for_spring_boot`	Apache Camel for Spring Boot
Red Hat OpenShift Dev Spaces <3.28.0 Red Hat / OpenShift		Dev Spaces <3.28.0
VMware Tanzu Spring Boot <3.5.14 VMware Tanzu / Spring Boot		<3.5.14
HCL Commerce 9.1.0-9.1.19.0 HCL / Commerce	`cpe:/a:hcltechsw:commerce:9.1.0_-_9.1.19.0`	9.1.0-9.1.19.0
VMware Tanzu Spring Boot <4.0.6 VMware Tanzu / Spring Boot		<4.0.6

CVE-2026-40974

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Apache Camel for Spring Boot Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_for_spring_boot`	Apache Camel for Spring Boot
Red Hat OpenShift Dev Spaces <3.28.0 Red Hat / OpenShift		Dev Spaces <3.28.0
VMware Tanzu Spring Boot <3.5.14 VMware Tanzu / Spring Boot		<3.5.14
HCL Commerce 9.1.0-9.1.19.0 HCL / Commerce	`cpe:/a:hcltechsw:commerce:9.1.0_-_9.1.19.0`	9.1.0-9.1.19.0
VMware Tanzu Spring Boot <4.0.6 VMware Tanzu / Spring Boot		<4.0.6

CVE-2026-40975

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Apache Camel for Spring Boot Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_for_spring_boot`	Apache Camel for Spring Boot
Red Hat OpenShift Dev Spaces <3.28.0 Red Hat / OpenShift		Dev Spaces <3.28.0
VMware Tanzu Spring Boot <3.5.14 VMware Tanzu / Spring Boot		<3.5.14
HCL Commerce 9.1.0-9.1.19.0 HCL / Commerce	`cpe:/a:hcltechsw:commerce:9.1.0_-_9.1.19.0`	9.1.0-9.1.19.0
VMware Tanzu Spring Boot <4.0.6 VMware Tanzu / Spring Boot		<4.0.6

CVE-2026-40976

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Apache Camel for Spring Boot Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_for_spring_boot`	Apache Camel for Spring Boot
Red Hat OpenShift Dev Spaces <3.28.0 Red Hat / OpenShift		Dev Spaces <3.28.0
VMware Tanzu Spring Boot <3.5.14 VMware Tanzu / Spring Boot		<3.5.14
HCL Commerce 9.1.0-9.1.19.0 HCL / Commerce	`cpe:/a:hcltechsw:commerce:9.1.0_-_9.1.19.0`	9.1.0-9.1.19.0
VMware Tanzu Spring Boot <4.0.6 VMware Tanzu / Spring Boot		<4.0.6

CVE-2026-40977

Affected products

Known affected 6 products

Product	Identifier	Version
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Apache Camel for Spring Boot Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_for_spring_boot`	Apache Camel for Spring Boot
Red Hat OpenShift Dev Spaces <3.28.0 Red Hat / OpenShift		Dev Spaces <3.28.0
VMware Tanzu Spring Boot <3.5.14 VMware Tanzu / Spring Boot		<3.5.14
HCL Commerce 9.1.0-9.1.19.0 HCL / Commerce	`cpe:/a:hcltechsw:commerce:9.1.0_-_9.1.19.0`	9.1.0-9.1.19.0
VMware Tanzu Spring Boot <4.0.6 VMware Tanzu / Spring Boot		<4.0.6

References

16 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://spring.io/blog/2026/04/23/spring-boot-3-5…	external
https://spring.io/blog/2026/04/23/spring-boot-4-0…	external
https://spring.io/security/cve-2026-40970	external
https://spring.io/security/cve-2026-40971	external
https://spring.io/security/cve-2026-40972	external
https://spring.io/security/cve-2026-40973	external
https://spring.io/security/cve-2026-40974	external
https://spring.io/security/cve-2026-40975	external
https://spring.io/security/cve-2026-40976	external
https://spring.io/security/cve-2026-40977	external
https://support.hcl-software.com/community?id=com…	external
https://access.redhat.com/errata/RHSA-2026:17668	external
https://access.redhat.com/errata/RHSA-2026:21772	external
https://access.redhat.com/errata/RHSA-2026:22619	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Spring Boot ist ein Framework zur Entwicklung von Java Anwendungen. Spring Boot basiert auf dem Spring Framework.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in VMware Tanzu Spring Boot ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, vertrauliche Daten zu manipulieren oder offenzulegen oder authentifizierte Benutzer zu kapern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-1263 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1263.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-1263 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1263"
      },
      {
        "category": "external",
        "summary": "Spring Blog vom 2026-04-23",
        "url": "https://spring.io/blog/2026/04/23/spring-boot-3-5-14-available-now"
      },
      {
        "category": "external",
        "summary": "Spring Blog vom 2026-04-23",
        "url": "https://spring.io/blog/2026/04/23/spring-boot-4-0-6-available-now"
      },
      {
        "category": "external",
        "summary": "Spring Security Advisories vom 2026-04-23",
        "url": "https://spring.io/security/cve-2026-40970"
      },
      {
        "category": "external",
        "summary": "Spring Security Advisories vom 2026-04-23",
        "url": "https://spring.io/security/cve-2026-40971"
      },
      {
        "category": "external",
        "summary": "Spring Security Advisories vom 2026-04-23",
        "url": "https://spring.io/security/cve-2026-40972"
      },
      {
        "category": "external",
        "summary": "Spring Security Advisories vom 2026-04-23",
        "url": "https://spring.io/security/cve-2026-40973"
      },
      {
        "category": "external",
        "summary": "Spring Security Advisories vom 2026-04-23",
        "url": "https://spring.io/security/cve-2026-40974"
      },
      {
        "category": "external",
        "summary": "Spring Security Advisories vom 2026-04-23",
        "url": "https://spring.io/security/cve-2026-40975"
      },
      {
        "category": "external",
        "summary": "Spring Security Advisories vom 2026-04-23",
        "url": "https://spring.io/security/cve-2026-40976"
      },
      {
        "category": "external",
        "summary": "Spring Security Advisories vom 2026-04-23",
        "url": "https://spring.io/security/cve-2026-40977"
      },
      {
        "category": "external",
        "summary": "HCL Security Bulletin vom 2026-05-12",
        "url": "https://support.hcl-software.com/community?id=community_blog\u0026sys_id=2f600efd2bf4c7900c64f1a1d891bf19"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:17668 vom 2026-05-14",
        "url": "https://access.redhat.com/errata/RHSA-2026:17668"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:21772 vom 2026-05-29",
        "url": "https://access.redhat.com/errata/RHSA-2026:21772"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:22619 vom 2026-06-02",
        "url": "https://access.redhat.com/errata/RHSA-2026:22619"
      }
    ],
    "source_lang": "en-US",
    "title": "VMware Tanzu Spring Boot: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-06-02T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-03T06:33:56.719+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-1263",
      "initial_release_date": "2026-04-23T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-04-23T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-04-27T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-25908, EUVD-2026-25936, EUVD-2026-25930, EUVD-2026-25941, EUVD-2026-25940, EUVD-2026-25939, EUVD-2026-25938, EUVD-2026-25937"
        },
        {
          "date": "2026-05-12T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2026-05-14T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-28T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-06-02T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "6"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9.1.0-9.1.19.0",
                "product": {
                  "name": "HCL Commerce 9.1.0-9.1.19.0",
                  "product_id": "T053858",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:hcltechsw:commerce:9.1.0_-_9.1.19.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Commerce"
          }
        ],
        "category": "vendor",
        "name": "HCL"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Apache Camel for Spring Boot",
                "product": {
                  "name": "Red Hat Enterprise Linux Apache Camel for Spring Boot",
                  "product_id": "T040879",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:apache_camel_for_spring_boot"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Dev Spaces \u003c3.28.0",
                "product": {
                  "name": "Red Hat OpenShift Dev Spaces \u003c3.28.0",
                  "product_id": "T054838"
                }
              },
              {
                "category": "product_version",
                "name": "Dev Spaces 3.28.0",
                "product": {
                  "name": "Red Hat OpenShift Dev Spaces 3.28.0",
                  "product_id": "T054838-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:dev_spaces__3.28.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c3.5.14",
                "product": {
                  "name": "VMware Tanzu Spring Boot \u003c3.5.14",
                  "product_id": "T053307"
                }
              },
              {
                "category": "product_version",
                "name": "3.5.14",
                "product": {
                  "name": "VMware Tanzu Spring Boot 3.5.14",
                  "product_id": "T053307-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vmware_tanzu:spring_boot:3.5.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.0.6",
                "product": {
                  "name": "VMware Tanzu Spring Boot \u003c4.0.6",
                  "product_id": "T053308"
                }
              },
              {
                "category": "product_version",
                "name": "4.0.6",
                "product": {
                  "name": "VMware Tanzu Spring Boot 4.0.6",
                  "product_id": "T053308-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vmware_tanzu:spring_boot:4.0.6"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Spring Boot"
          }
        ],
        "category": "vendor",
        "name": "VMware Tanzu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-40970",
      "product_status": {
        "known_affected": [
          "67646",
          "T040879",
          "T054838",
          "T053307",
          "T053858",
          "T053308"
        ]
      },
      "release_date": "2026-04-23T22:00:00.000+00:00",
      "title": "CVE-2026-40970"
    },
    {
      "cve": "CVE-2026-40971",
      "product_status": {
        "known_affected": [
          "67646",
          "T040879",
          "T054838",
          "T053307",
          "T053858",
          "T053308"
        ]
      },
      "release_date": "2026-04-23T22:00:00.000+00:00",
      "title": "CVE-2026-40971"
    },
    {
      "cve": "CVE-2026-40972",
      "product_status": {
        "known_affected": [
          "67646",
          "T040879",
          "T054838",
          "T053307",
          "T053858",
          "T053308"
        ]
      },
      "release_date": "2026-04-23T22:00:00.000+00:00",
      "title": "CVE-2026-40972"
    },
    {
      "cve": "CVE-2026-40973",
      "product_status": {
        "known_affected": [
          "67646",
          "T040879",
          "T054838",
          "T053307",
          "T053858",
          "T053308"
        ]
      },
      "release_date": "2026-04-23T22:00:00.000+00:00",
      "title": "CVE-2026-40973"
    },
    {
      "cve": "CVE-2026-40974",
      "product_status": {
        "known_affected": [
          "67646",
          "T040879",
          "T054838",
          "T053307",
          "T053858",
          "T053308"
        ]
      },
      "release_date": "2026-04-23T22:00:00.000+00:00",
      "title": "CVE-2026-40974"
    },
    {
      "cve": "CVE-2026-40975",
      "product_status": {
        "known_affected": [
          "67646",
          "T040879",
          "T054838",
          "T053307",
          "T053858",
          "T053308"
        ]
      },
      "release_date": "2026-04-23T22:00:00.000+00:00",
      "title": "CVE-2026-40975"
    },
    {
      "cve": "CVE-2026-40976",
      "product_status": {
        "known_affected": [
          "67646",
          "T040879",
          "T054838",
          "T053307",
          "T053858",
          "T053308"
        ]
      },
      "release_date": "2026-04-23T22:00:00.000+00:00",
      "title": "CVE-2026-40976"
    },
    {
      "cve": "CVE-2026-40977",
      "product_status": {
        "known_affected": [
          "67646",
          "T040879",
          "T054838",
          "T053307",
          "T053858",
          "T053308"
        ]
      },
      "release_date": "2026-04-23T22:00:00.000+00:00",
      "title": "CVE-2026-40977"
    }
  ]
}

CVE-2026-40970 (GCVE-0-2026-40970)

Vulnerability from cvelistv5 – Published: 2026-04-27 19:09 – Updated: 2026-04-27 19:30

Summary

When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory.

Severity

5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-295 - Improper Certificate Validation

Assigner

vmware

References

1 reference

URL	Tags
https://spring.io/security/cve-2026-40970

Impacted products

1 product

Vendor	Product	Version
Spring	Spring Boot	Affected: 4.0.0 , < 4.0.6 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40970",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-27T19:30:39.247639Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-27T19:30:55.167Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Spring Boot",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "4.0.6",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eWhen configured to use an SSL bundle, Spring Boot\u0027s Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server.\u003c/p\u003e\u003cp\u003eAffected: Spring Boot 4.0.0\u20134.0.5; upgrade to 4.0.6 or later per vendor advisory.\u003c/p\u003e"
            }
          ],
          "value": "When configured to use an SSL bundle, Spring Boot\u0027s Elasticsearch auto-configuration does not perform hostname verification when connecting to the Elasticsearch server.\n\nAffected: Spring Boot 4.0.0\u20134.0.5; upgrade to 4.0.6 or later per vendor advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-27T19:09:58.835Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2026-40970"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-40970",
    "datePublished": "2026-04-27T19:09:58.835Z",
    "dateReserved": "2026-04-16T02:18:56.133Z",
    "dateUpdated": "2026-04-27T19:30:55.167Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40971 (GCVE-0-2026-40971)

Vulnerability from cvelistv5 – Published: 2026-04-27 22:45 – Updated: 2026-04-28 12:46

Summary

When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14) per vendor advisory.

Severity

5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-295 - Improper Certificate Validation

Assigner

vmware

References

1 reference

URL	Tags
https://spring.io/security/cve-2026-40971

Impacted products

1 product

Vendor	Product	Version
Spring	Spring Boot	Affected: 4.0.0 , < 4.0.6 (custom) Affected: 3.5.0 , < 3.5.14 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40971",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-28T12:46:22.032309Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T12:46:29.029Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Spring Boot",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "4.0.6",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.5.14",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eWhen configured to use an SSL bundle, Spring Boot\u0027s RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker.\u003c/p\u003e\u003cp\u003eAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14) per vendor advisory.\u003c/p\u003e"
            }
          ],
          "value": "When configured to use an SSL bundle, Spring Boot\u0027s RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker.\n\nAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14) per vendor advisory."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Per CVSS v3.1: Confidentiality LOW; Integrity LOW; Availability LOW."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-27T22:45:13.327Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2026-40971"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-40971",
    "datePublished": "2026-04-27T22:45:13.327Z",
    "dateReserved": "2026-04-16T02:18:56.133Z",
    "dateUpdated": "2026-04-28T12:46:29.029Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40972 (GCVE-0-2026-40972)

Vulnerability from cvelistv5 – Published: 2026-04-27 23:15 – Updated: 2026-04-29 03:55

Summary

An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code execution in the remote application. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); DevTools remote secret comparison. Versions that are no longer supported are also affected per vendor advisory.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-208 - Observable Timing Discrepancy

Assigner

vmware

References

1 reference

URL	Tags
https://spring.io/security/cve-2026-40972

Impacted products

1 product

Vendor	Product	Version
Spring	Spring Boot	Affected: 4.0.0 , < 4.0.6 (custom) Affected: 3.5.0 , < 3.5.14 (custom) Affected: 3.4.0 , < 3.4.16 (custom) Affected: 3.3.0 , < 3.3.19 (custom) Affected: 2.7.0 , < 2.7.33 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40972",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-28T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-29T03:55:44.263Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "spring-boot-devtools"
          ],
          "product": "Spring Boot",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "4.0.6",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.5.14",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.4.16",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.3.19",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.7.33",
              "status": "affected",
              "version": "2.7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eAn attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code execution in the remote application.\u003c/p\u003e\u003cp\u003eAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14), 3.4.0\u20133.4.15 (fix 3.4.16), 3.3.0\u20133.3.18 (fix 3.3.19), 2.7.0\u20132.7.32 (fix 2.7.33); DevTools remote secret comparison. Versions that are no longer supported are also affected per vendor advisory.\u003c/p\u003e"
            }
          ],
          "value": "An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code execution in the remote application.\n\nAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14), 3.4.0\u20133.4.15 (fix 3.4.16), 3.3.0\u20133.3.18 (fix 3.3.19), 2.7.0\u20132.7.32 (fix 2.7.33); DevTools remote secret comparison. Versions that are no longer supported are also affected per vendor advisory."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Per CVSS v3.1: Confidentiality HIGH; Integrity HIGH; Availability HIGH."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-208",
              "description": "CWE-208: Observable Timing Discrepancy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-27T23:15:19.194Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2026-40972"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-40972",
    "datePublished": "2026-04-27T23:15:19.194Z",
    "dateReserved": "2026-04-16T02:18:56.133Z",
    "dateUpdated": "2026-04-29T03:55:44.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40973 (GCVE-0-2026-40973)

Vulnerability from cvelistv5 – Published: 2026-04-27 23:29 – Updated: 2026-04-29 03:55

Summary

A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is set to `true` and the attack persists across application restarts, this may allow the attacker to read session information and hijack authenticated users or deploy a gadget chain and execute code as the application's user. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); predictable temp directory / `ApplicationTemp` ownership verification. Versions that are no longer supported are also affected per vendor advisory.

Severity

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-377 - Insecure Temporary File

Assigner

vmware

References

1 reference

URL	Tags
https://spring.io/security/cve-2026-40973

Impacted products

1 product

Vendor	Product	Version
Spring	Spring Boot	Affected: 4.0.0 , < 4.0.6 (custom) Affected: 3.5.0 , < 3.5.14 (custom) Affected: 3.4.0 , < 3.4.16 (custom) Affected: 3.3.0 , < 3.3.19 (custom) Affected: 2.7.0 , < 2.7.33 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40973",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-28T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-29T03:55:43.148Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Spring Boot",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "4.0.6",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.5.14",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.4.16",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.3.19",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.7.33",
              "status": "affected",
              "version": "2.7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eA local attacker on the same host as the application may be able to take control of the directory used by \u003ccode\u003eApplicationTemp\u003c/code\u003e. When \u003ccode\u003eserver.servlet.session.persistent\u003c/code\u003e is set to \u003ccode\u003etrue\u003c/code\u003e and the attack persists across application restarts, this may allow the attacker to read session information and hijack authenticated users or deploy a gadget chain and execute code as the application\u0027s user.\u003c/p\u003e\u003cp\u003eAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14), 3.4.0\u20133.4.15 (fix 3.4.16), 3.3.0\u20133.3.18 (fix 3.3.19), 2.7.0\u20132.7.32 (fix 2.7.33); predictable temp directory / \u003ccode\u003eApplicationTemp\u003c/code\u003e ownership verification. Versions that are no longer supported are also affected per vendor advisory.\u003c/p\u003e"
            }
          ],
          "value": "A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is set to `true` and the attack persists across application restarts, this may allow the attacker to read session information and hijack authenticated users or deploy a gadget chain and execute code as the application\u0027s user.\n\nAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14), 3.4.0\u20133.4.15 (fix 3.4.16), 3.3.0\u20133.3.18 (fix 3.3.19), 2.7.0\u20132.7.32 (fix 2.7.33); predictable temp directory / `ApplicationTemp` ownership verification. Versions that are no longer supported are also affected per vendor advisory."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Per CVSS v3.1: Confidentiality HIGH; Integrity HIGH; Availability HIGH."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-377",
              "description": "CWE-377: Insecure Temporary File",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-27T23:29:51.946Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2026-40973"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-40973",
    "datePublished": "2026-04-27T23:29:51.946Z",
    "dateReserved": "2026-04-16T02:18:56.133Z",
    "dateUpdated": "2026-04-29T03:55:43.148Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40974 (GCVE-0-2026-40974)

Vulnerability from cvelistv5 – Published: 2026-04-27 23:31 – Updated: 2026-04-28 12:41

Summary

Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); Cassandra SSL auto-configuration. Versions that are no longer supported are also affected per vendor advisory.

Severity

5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-295 - Improper Certificate Validation

Assigner

vmware

References

1 reference

URL	Tags
https://spring.io/security/cve-2026-40974

Impacted products

1 product

Vendor	Product	Version
Spring	Spring Boot	Affected: 4.0.0 , < 4.0.6 (custom) Affected: 3.5.0 , < 3.5.14 (custom) Affected: 3.4.0 , < 3.4.16 (custom) Affected: 3.3.0 , < 3.3.19 (custom) Affected: 2.7.0 , < 2.7.33 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40974",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-28T12:41:44.578319Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T12:41:52.250Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Spring Boot",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "4.0.6",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.5.14",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.4.16",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.3.19",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.7.33",
              "status": "affected",
              "version": "2.7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eSpring Boot\u0027s Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra.\u003c/p\u003e\u003cp\u003eAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14), 3.4.0\u20133.4.15 (fix 3.4.16), 3.3.0\u20133.3.18 (fix 3.3.19), 2.7.0\u20132.7.32 (fix 2.7.33); Cassandra SSL auto-configuration. Versions that are no longer supported are also affected per vendor advisory.\u003c/p\u003e"
            }
          ],
          "value": "Spring Boot\u0027s Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra.\n\nAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14), 3.4.0\u20133.4.15 (fix 3.4.16), 3.3.0\u20133.3.18 (fix 3.3.19), 2.7.0\u20132.7.32 (fix 2.7.33); Cassandra SSL auto-configuration. Versions that are no longer supported are also affected per vendor advisory."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Per CVSS v3.1: Confidentiality LOW; Integrity LOW; Availability LOW."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-27T23:31:40.629Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2026-40974"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-40974",
    "datePublished": "2026-04-27T23:31:40.629Z",
    "dateReserved": "2026-04-16T02:19:04.615Z",
    "dateUpdated": "2026-04-28T12:41:52.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40975 (GCVE-0-2026-40975)

Vulnerability from cvelistv5 – Published: 2026-04-27 23:32 – Updated: 2026-04-28 14:35

Summary

Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values with a predictable range. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); random value property source / weak PRNG for secrets. Versions that are no longer supported are also affected per vendor advisory.

Severity

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-330 - Use of Insufficiently Random Values

Assigner

vmware

References

1 reference

URL	Tags
https://spring.io/security/cve-2026-40975

Impacted products

1 product

Vendor	Product	Version
Spring	Spring Boot	Affected: 4.0.0 , < 4.0.6 (custom) Affected: 3.5.0 , < 3.5.14 (custom) Affected: 3.4.0 , < 3.4.16 (custom) Affected: 3.3.0 , < 3.3.19 (custom) Affected: 2.7.0 , < 2.7.33 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40975",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-28T13:51:27.326869Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T14:35:05.760Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Spring Boot",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "4.0.6",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.5.14",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.4.16",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.3.19",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.7.33",
              "status": "affected",
              "version": "2.7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eValues produced by \u003ccode\u003e${random.value}\u003c/code\u003e are not suitable for use as secrets. \u003ccode\u003e${random.uuid}\u003c/code\u003e is not affected. \u003ccode\u003e${random.int}\u003c/code\u003e and \u003ccode\u003e${random.long}\u003c/code\u003e should never be used for secrets as they are numeric values with a predictable range.\u003c/p\u003e\u003cp\u003eAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14), 3.4.0\u20133.4.15 (fix 3.4.16), 3.3.0\u20133.3.18 (fix 3.3.19), 2.7.0\u20132.7.32 (fix 2.7.33); random value property source / weak PRNG for secrets. Versions that are no longer supported are also affected per vendor advisory.\u003c/p\u003e"
            }
          ],
          "value": "Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values with a predictable range.\n\nAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14), 3.4.0\u20133.4.15 (fix 3.4.16), 3.3.0\u20133.3.18 (fix 3.3.19), 2.7.0\u20132.7.32 (fix 2.7.33); random value property source / weak PRNG for secrets. Versions that are no longer supported are also affected per vendor advisory."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Per CVSS v3.1: Confidentiality LOW; Integrity LOW; Availability NONE."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-330",
              "description": "CWE-330: Use of Insufficiently Random Values",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-27T23:32:58.596Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2026-40975"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-40975",
    "datePublished": "2026-04-27T23:32:58.596Z",
    "dateReserved": "2026-04-16T02:19:04.616Z",
    "dateUpdated": "2026-04-28T14:35:05.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40976 (GCVE-0-2026-40976)

Vulnerability from cvelistv5 – Published: 2026-04-27 23:34 – Updated: 2026-04-29 03:55

Summary

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter chain; depend on spring-boot-actuator-autoconfigure; not depend on spring-boot-health. If any of the above does not apply, the application is not vulnerable. Affected: Spring Boot 4.0.0–4.0.5; upgrade to 4.0.6 or later per vendor advisory.

Severity

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-862 - Missing Authorization

Assigner

vmware

References

1 reference

URL	Tags
https://spring.io/security/cve-2026-40976

Impacted products

1 product

Vendor	Product	Version
Spring	Spring Boot	Affected: 4.0.0 , < 4.0.6 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40976",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-28T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-29T03:55:41.205Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "spring-boot-actuator-autoconfigure"
          ],
          "product": "Spring Boot",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "4.0.6",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn certain circumstances, Spring Boot\u0027s default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must:\u003c/p\u003e\u003cul\u003e\u003cli\u003ebe a servlet-based web application\u003c/li\u003e\u003cli\u003ehave no Spring Security configuration of its own and rely on the default web security filter chain\u003c/li\u003e\u003cli\u003edepend on \u003ccode\u003espring-boot-actuator-autoconfigure\u003c/code\u003e\u003c/li\u003e\u003cli\u003enot depend on \u003ccode\u003espring-boot-health\u003c/code\u003e\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eIf any of the above does not apply, the application is not vulnerable.\u003c/p\u003e\u003cp\u003eAffected: Spring Boot 4.0.0\u20134.0.5; upgrade to 4.0.6 or later per vendor advisory.\u003c/p\u003e"
            }
          ],
          "value": "In certain circumstances, Spring Boot\u0027s default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter chain; depend on spring-boot-actuator-autoconfigure; not depend on spring-boot-health. If any of the above does not apply, the application is not vulnerable.\n\nAffected: Spring Boot 4.0.0\u20134.0.5; upgrade to 4.0.6 or later per vendor advisory."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Per CVSS v3.1: Confidentiality HIGH; Integrity HIGH; Availability NONE."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-27T23:34:51.422Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2026-40976"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-40976",
    "datePublished": "2026-04-27T23:34:51.422Z",
    "dateReserved": "2026-04-16T02:19:04.616Z",
    "dateUpdated": "2026-04-29T03:55:41.205Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-40977 (GCVE-0-2026-40977)

Vulnerability from cvelistv5 – Published: 2026-04-27 23:36 – Updated: 2026-04-28 14:34

Summary

When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); PID file / symlink behavior (`ApplicationPidFileWriter`). Versions that are no longer supported are also affected per vendor advisory.

Severity

4.7 (Medium)


                        
                          CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-59 - Improper Link Resolution Before File Access

Assigner

vmware

References

1 reference

URL	Tags
https://spring.io/security/cve-2026-40977

Impacted products

1 product

Vendor	Product	Version
Spring	Spring Boot	Affected: 4.0.0 , < 4.0.6 (custom) Affected: 3.5.0 , < 3.5.14 (custom) Affected: 3.4.0 , < 3.4.16 (custom) Affected: 3.3.0 , < 3.3.19 (custom) Affected: 2.7.0 , < 2.7.33 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-40977",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-28T13:55:11.041412Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-28T14:34:36.220Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Spring Boot",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "4.0.6",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.5.14",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.4.16",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.3.19",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.7.33",
              "status": "affected",
              "version": "2.7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eWhen an application is configured to use \u003ccode\u003eApplicationPidFileWriter\u003c/code\u003e, a local attacker with write access to the PID file\u0027s location can corrupt one file on the host each time the application is started.\u003c/p\u003e\u003cp\u003eAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14), 3.4.0\u20133.4.15 (fix 3.4.16), 3.3.0\u20133.3.18 (fix 3.3.19), 2.7.0\u20132.7.32 (fix 2.7.33); PID file / symlink behavior (\u003ccode\u003eApplicationPidFileWriter\u003c/code\u003e). Versions that are no longer supported are also affected per vendor advisory.\u003c/p\u003e"
            }
          ],
          "value": "When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file\u0027s location can corrupt one file on the host each time the application is started.\n\nAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14), 3.4.0\u20133.4.15 (fix 3.4.16), 3.3.0\u20133.3.18 (fix 3.3.19), 2.7.0\u20132.7.32 (fix 2.7.33); PID file / symlink behavior (`ApplicationPidFileWriter`). Versions that are no longer supported are also affected per vendor advisory."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Per CVSS v3.1: Confidentiality NONE; Integrity LOW; Availability HIGH."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-59",
              "description": "CWE-59: Improper Link Resolution Before File Access",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-27T23:36:06.654Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2026-40977"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-40977",
    "datePublished": "2026-04-27T23:36:06.654Z",
    "dateReserved": "2026-04-16T02:19:04.616Z",
    "dateUpdated": "2026-04-28T14:34:36.220Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-1263

CVE-2026-40970 (GCVE-0-2026-40970)

CVE-2026-40971 (GCVE-0-2026-40971)

CVE-2026-40972 (GCVE-0-2026-40972)

CVE-2026-40973 (GCVE-0-2026-40973)

CVE-2026-40974 (GCVE-0-2026-40974)

CVE-2026-40975 (GCVE-0-2026-40975)

CVE-2026-40976 (GCVE-0-2026-40976)

CVE-2026-40977 (GCVE-0-2026-40977)

Tags

Sightings

Nomenclature