CVE Catalog

CVE-2026-41843

MediumCVSS 5.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile - higher than 26% of all known CVEs

Summary

Path Traversal vulnerability in Spring MVC and WebFlux when resolving static resources. An attacker can access files outside the target directory.

Risk Assessment

Risk of unauthorized reading of sensitive files on the server, potentially leading to disclosure of configuration data or source code.

Recommendation

Upgrade Spring Framework to version 7.0.8, 6.2.19, 6.1.28, or 5.3.49, depending on the branch used.

Original NVD description (English source)

Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS