CVE-2026-41710
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk20th percentile - higher than 20% of all known CVEs
Summary
An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to fail.
Risk Assessment
Exhausting the retry cache can lead to a complete blockage of application functionality, affecting service availability for users.
Recommendation
It is recommended to monitor the number of requests and implement throttling to prevent overloading the retry cache.
Original NVD description (English source)
An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to fail. Affected versions: Spring Retry 2.0.0 through 2.0.12; 1.3.0 through 1.3.4.

