HIGH | JUNE 12, 2026 | CVE-2026-47835
Description In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected Spring Products and Versions Spring AI: 1.0.0 - 1.0.x 1.1.0 - 1.1.x Affected…
HIGH | JUNE 11, 2026 | CVE-2026-41708
Description In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses a…
HIGH | JUNE 11, 2026 | CVE-2026-41862
Description Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts without enforcing a class allowlist (CWE-502, deserialisation of untrusted data), which can lead to remote code…
HIGH | JUNE 11, 2026 | CVE-2026-47825
Description Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected Spring Products and Versions Spring Cloud…
MEDIUM | JUNE 10, 2026 | CVE-2026-40985
Description Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Pre-conditions: The application explicitly configures the WebFlowELExpressionParser or its base class "ELExpressionParser". The…
MEDIUM | JUNE 10, 2026 | CVE-2026-40986
Description Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can result in a scripting attack in the user's browser if the error response from the server contains error…
HIGH | JUNE 10, 2026 | CVE-2026-40987
Description A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory) with attacker-controlled content. Affected Spring Products and Versions Spring Integration: 7.0.…
MEDIUM | JUNE 10, 2026 | CVE-2026-40992
Description Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected Spring Products and…
MEDIUM | JUNE 10, 2026 | CVE-2026-40995
Description X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without applying Spring Security’s standard account lifecycle checks (disabled, locked, expired, or credentials…
HIGH | JUNE 10, 2026 | CVE-2026-40994
Description Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData, contradicting the intended secure default and published setter contract. Services…