LOW | JUNE 08, 2026 | CVE-2026-41852
A vulnerability in Spring Expression Language (SpEL) evaluation logic allows arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic…
MEDIUM | JUNE 08, 2026 | CVE-2026-41853
Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. More precisely, an application can be vulnerable when all the following are true: The application uses Spring MVC or Spring WebFlux. The application accepts…
MEDIUM | JUNE 08, 2026 | CVE-2026-41851
Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack if the evaluation of a SpEL expression triggers unbounded cache growth. More precisely, an application can…
LOW | JUNE 08, 2026 | CVE-2026-41854
Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack. Affected Spring Products and Versions Spring…
HIGH | JUNE 08, 2026 | CVE-2026-41855
In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary class instantiation, which can lead to unauthorized…
HIGH | JUNE 08, 2026 | CVE-2026-41006
Spring HATEOAS's internal PropertyUtils.createObjectFromProperties method, used by the Collection+JSON and UBER media type deserializers, performs bean property binding via reflection without consulting Jackson access-control annotations. Affected…
HIGH | JUNE 08, 2026 | CVE-2026-41007
Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings. Affected applications are those that deserialize attacker-supplied hypermedia, for example via a @RequestBody bound to a…
MEDIUM | JUNE 08, 2026 | CVE-2026-41715
In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects…
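The precondition in this entry is a client that has been told to follow redirects. The following is an added illustration, not part of the advisory and not Reactor Netty's own fix: a client that blindly follows every redirect, beside one whose follow-redirect predicate refuses to move from an https request to an http target, so an https-to-http downgrade is never followed regardless of what the Location header says. It assumes the Reactor Netty HttpClient API (followRedirect(boolean), followRedirect(BiPredicate), HttpClientInfos.resourceUrl(), HttpClientResponse.status() and responseHeaders()); the names RedirectPolicy, permissiveClient, downgradeSafeClient, noDowngrade and allowRedirect are made up for the example. Restricting redirects this way is defence in depth and does not replace upgrading to a fixed Reactor Netty release.

```java
import java.net.URI;
import java.util.function.BiPredicate;

import io.netty.handler.codec.http.HttpHeaderNames;
import reactor.netty.http.client.HttpClient;
import reactor.netty.http.client.HttpClientRequest;
import reactor.netty.http.client.HttpClientResponse;

// Example class, not from Reactor Netty or the advisory.
public class RedirectPolicy {

    // Weak setting: follows every 3xx, including an https -> http downgrade,
    // which is exactly the precondition the advisory describes.
    static HttpClient permissiveClient() {
        return HttpClient.create().followRedirect(true);
    }

    // Hardened setting: redirects are followed only when the predicate agrees.
    static HttpClient downgradeSafeClient() {
        return HttpClient.create().followRedirect(noDowngrade());
    }

    // Predicate evaluated for each response; returning true means "follow".
    // The status check is done here so the predicate never fires on non-3xx responses.
    static BiPredicate<HttpClientRequest, HttpClientResponse> noDowngrade() {
        return (req, res) -> {
            int code = res.status().code();
            if (code < 300 || code > 399) {
                return false;
            }
            String location = res.responseHeaders().get(HttpHeaderNames.LOCATION);
            return allowRedirect(req.resourceUrl(), location);
        };
    }

    // Pure decision logic, separated so it can be unit-tested without a server.
    // requestUrl is the fully qualified URL of the request that received the 3xx.
    static boolean allowRedirect(String requestUrl, String location) {
        if (location == null || location.isEmpty()) {
            return false;
        }
        try {
            URI from = URI.create(requestUrl);
            // Resolving handles relative and scheme-relative ("//host/path") targets,
            // both of which inherit the original scheme.
            URI to = from.resolve(location);
            boolean fromSecure = "https".equalsIgnoreCase(from.getScheme());
            boolean toSecure = "https".equalsIgnoreCase(to.getScheme());
            return !(fromSecure && !toSecure);
        } catch (IllegalArgumentException malformed) {
            // A Location we cannot parse is not worth following.
            return false;
        }
    }

    public static void main(String[] args) {
        System.out.println(allowRedirect("https://api.example/login", "http://api.example/home"));   // false
        System.out.println(allowRedirect("https://api.example/login", "https://api.example/home"));  // true
        System.out.println(allowRedirect("https://api.example/login", "/home"));                     // true
        System.out.println(allowRedirect("http://api.example/login", "http://api.example/home"));    // true
        System.out.println(allowRedirect("https://api.example/login", "//other.example/home"));      // true
    }
}
```

The predicate deliberately makes the decision from the original request's scheme and the resolved Location, rather than from whether credentials happen to be attached, so that any header the client carries on the redirected request (Authorization, cookies, proxy credentials) is protected by the same rule. Whether the redirected request should also have its credentials stripped when the host changes is a separate policy decision not covered by this example.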
HIGH | JUNE 08, 2026 | CVE-2026-40984
In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses a vulnerable…
HIGH | JUNE 08, 2026 | CVE-2026-40983
In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: the application uses a vulnerable…