CVE Catalog

CVE-2026-41001

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.09%

1th percentile — higher than 1% of all known CVEs

Summary

Spring Boot uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker can pre-create this predictable directory or place a symlink before the application starts.

Risk Assessment

An attacker may gain access to the message broker's data, potentially leading to information disclosure or data manipulation. This poses a serious threat to the integrity and confidentiality of the application's data.

Recommendation

It is recommended to configure a custom path for the Artemis broker's data directory to avoid using the default static location. Regularly reviewing and updating Spring Boot versions will also help secure the application.

Original NVD description (English source)

Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4.0 through 3.4.16; 3.3.0 through 3.3.19; 2.7.0 through 2.7.33.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS