CVE Catalog

CVE-2026-41840

MediumCVSS 5.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile - higher than 16% of all known CVEs

Summary

Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, 5.3.0 through 5.3.48.

Risk Assessment

An attacker can send a specially crafted multipart request, causing excessive resource consumption and making the application unavailable.

Recommendation

It is recommended to immediately update Spring Framework to version 7.0.8, 6.2.19, 6.1.28, or 5.3.49, depending on the branch used.

Original NVD description (English source)

Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, 5.3.0 through 5.3.48.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS