CVE Catalog

CVE-2026-41710

MediumCVSS 5.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

20th percentile - higher than 20% of all known CVEs

Summary

An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to fail.

Risk Assessment

Exhausting the retry cache can lead to a complete blockage of application functionality, affecting service availability for users.

Recommendation

It is recommended to monitor the number of requests and implement throttling to prevent overloading the retry cache.

Original NVD description (English source)

An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to fail. Affected versions: Spring Retry 2.0.0 through 2.0.12; 1.3.0 through 1.3.4.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS