HIGH | JUNE 12, 2026 | CVE-2026-47835
In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected Spring Products and Versions Spring AI: 1.0.0 - 1.0.x 1.1.0 - 1.1.x Affected…
HIGH | JUNE 11, 2026 | CVE-2026-41708
In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses a…
HIGH | JUNE 11, 2026 | CVE-2026-47825
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected Spring Products and Versions Spring Cloud…
HIGH | JUNE 11, 2026 | CVE-2026-41862
Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts without enforcing a class allowlist (CWE-502, deserialisation of untrusted data), which can lead to remote code…
MEDIUM | JUNE 10, 2026 | CVE-2026-40992
Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected Spring Products and…
MEDIUM | JUNE 10, 2026 | CVE-2026-41001
Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or…
HIGH | JUNE 10, 2026 | CVE-2026-40987
A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory) with attacker-controlled content. Affected Spring Products and Versions Spring Integration: 7.0.…
HIGH | JUNE 10, 2026 | CVE-2026-41699
Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. More precisely, an application is vulnerable when all the following are true: the application is using Spring GraphQL the…
HIGH | JUNE 10, 2026 | CVE-2026-41700
Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. More precisely, an application is vulnerable when all the following are true: the application has enabled the GraphQL…
HIGH | JUNE 10, 2026 | CVE-2026-41856
The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. Spring for…