CVE Catalog
CVE-2026-41843
MediumCVSS 5.9Exploitation Probability (EPSS)
Low risk0.34%
26th percentile - higher than 26% of all known CVEs
Summary
Path Traversal vulnerability in Spring MVC and WebFlux when resolving static resources. An attacker can access files outside the target directory.
Risk Assessment
Risk of unauthorized reading of sensitive files on the server, potentially leading to disclosure of configuration data or source code.
Recommendation
Upgrade Spring Framework to version 7.0.8, 6.2.19, 6.1.28, or 5.3.49, depending on the branch used.
Original NVD description (English source)
Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

