CVE-2026-41853
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk8th percentile - higher than 8% of all known CVEs
Summary
Vulnerability in Spring MVC and WebFlux allows Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
Risk Assessment
An attacker can smuggle malicious multipart requests, potentially bypassing security controls, hijacking sessions, or performing unauthorized actions.
Recommendation
Immediately update Spring Framework to version 7.0.8, 6.2.19, 6.1.28, or 5.3.49, depending on the branch used.
Original NVD description (English source)
Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

