CVE-2026-40991
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk13th percentile - higher than 13% of all known CVEs
Summary
Vulnerability in Spring REST Docs allows an XXE (XML External Entity) attack when documenting a remote API over HTTP. An attacker can compromise the API or trick the user into documenting a malicious API, leading to an attack when documentation-generating tests are next executed.
Risk Assessment
Risk includes potential data leakage, file reading from the server, or external requests in the application context, which may lead to confidentiality and integrity breaches.
Recommendation
Immediately update Spring REST Docs to version 4.0.1 or later, and for older versions to appropriate patches (3.0.6+, 2.0.9+). Avoid documenting untrusted APIs.
Original NVD description (English source)
When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next executed. Affected versions: Spring REST Docs 4.0.0; 3.0.0 through 3.0.5; 2.0.0.RELEASE through 2.0.8.RELEASE.

