CVE-2026-41842
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk32th percentile - higher than 32% of all known CVEs
Summary
Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources. The vulnerability affects Spring Framework versions 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, and 5.3.0 through 5.3.48.
Risk Assessment
An attacker can exploit this vulnerability to overload the server, leading to application unavailability for users.
Recommendation
It is recommended to immediately update Spring Framework to the latest patched version.
Original NVD description (English source)
Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

