CVE Catalog

CVE-2026-41841

MediumCVSS 5.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

23th percentile - higher than 23% of all known CVEs

Summary

Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. The vulnerability affects Spring Framework versions 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, and 5.3.0 through 5.3.48.

Risk Assessment

An attacker could exploit this vulnerability to gain unauthorized access to sensitive data or application configuration, potentially leading to information disclosure.

Recommendation

It is recommended to immediately update Spring Framework to the latest available version that includes a fix for CVE-2026-41841.

Original NVD description (English source)

Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS