CVE-2026-41001
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
Spring Boot uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker can pre-create this predictable directory or place a symlink before the application starts.
Risk Assessment
An attacker may gain access to the message broker's data, potentially leading to information disclosure or data manipulation. This poses a serious threat to the integrity and confidentiality of the application's data.
Recommendation
It is recommended to configure a custom path for the Artemis broker's data directory to avoid using the default static location. Regularly reviewing and updating Spring Boot versions will also help secure the application.
Original NVD description (English source)
Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4.0 through 3.4.16; 3.3.0 through 3.3.19; 2.7.0 through 2.7.33.

