CVE-2026-41841
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk23th percentile - higher than 23% of all known CVEs
Summary
Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. The vulnerability affects Spring Framework versions 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, and 5.3.0 through 5.3.48.
Risk Assessment
An attacker could exploit this vulnerability to gain unauthorized access to sensitive data or application configuration, potentially leading to information disclosure.
Recommendation
It is recommended to immediately update Spring Framework to the latest available version that includes a fix for CVE-2026-41841.
Original NVD description (English source)
Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

