CVE Catalog

CVE-2026-40987

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.21%

11th percentile - higher than 11% of all known CVEs

Summary

A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory) with attacker-controlled content.

Risk Assessment

The organization may be exposed to unauthorized data modifications and potential information leaks, which could lead to serious legal and financial consequences.

Recommendation

It is recommended to update to the latest version of Spring Integration and implement appropriate security measures on FTP/SFTP/SMB servers to mitigate attack risks.

Original NVD description (English source)

A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory) with attacker-controlled content. Affected versions: Spring Integration 7.0.0 through 7.0.4; 6.5.0 through 6.5.8; 6.4.0 through 6.4.11; 6.3.0 through 6.3.14; 5.5.0 through 5.5.20.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS