CVE Catalog

CVE-2026-41853

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

8th percentile - higher than 8% of all known CVEs

Summary

Vulnerability in Spring MVC and WebFlux allows Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

Risk Assessment

An attacker can smuggle malicious multipart requests, potentially bypassing security controls, hijacking sessions, or performing unauthorized actions.

Recommendation

Immediately update Spring Framework to version 7.0.8, 6.2.19, 6.1.28, or 5.3.49, depending on the branch used.

Original NVD description (English source)

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS