MEDIUM | JUNE 10, 2026 | CVE-2026-40997
Description Several Spring WS integration paths with Spring Security could surface detailed account state (for example locked or disabled user semantics) to remote SOAP clients through exception messages or callback outcomes, instead of failing with generic…
MEDIUM | JUNE 10, 2026 | CVE-2026-40986
Description Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can result in a scripting attack in the user's browser if the error response from the server contains error…
HIGH | JUNE 10, 2026 | CVE-2026-40998
Description Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK’s default DocumentBuilderFactory behavior instead of Spring’s hardened parser configuration…
HIGH | JUNE 10, 2026 | CVE-2026-40999
Description When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that…
LOW | JUNE 10, 2026 | CVE-2026-41000
Description Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and…
MEDIUM | JUNE 10, 2026 | CVE-2026-41001
Description Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or…
HIGH | JUNE 10, 2026 | CVE-2026-41699
Description Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. More precisely, an application is vulnerable when all the following are true: the application is using Spring GraphQL the…
HIGH | JUNE 10, 2026 | CVE-2026-41700
Description Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. More precisely, an application is vulnerable when all the following are true: the application has enabled the GraphQL…
HIGH | JUNE 10, 2026 | CVE-2026-41856
Description The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. Spring for…
MEDIUM | JUNE 09, 2026 | CVE-2026-40988
Description An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected…