Vulnerabilities in Spring
149 results

CVE | Severity | Title | EPSS
CVE-2026-40998 | HIGH | Jaxp13 XPath XXE via StreamSource and SAXSource | 0.4%
CVE-2026-41856 | HIGH | Spring GraphQL Annotation Detection Vulnerability | 0.4%
CVE-2026-41732 | HIGH | In Spring for Apache Pulsar, overly broad trusted-package matching in header mapper exposes JDK classes to deserialization | 0.3%
CVE-2026-40983 | HIGH | Micrometer gRPC server instrumentation DoS vulnerability | 0.3%
CVE-2026-41843 | MEDIUM | Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux | 0.3%
CVE-2026-41731 | HIGH | In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization | 0.3%
CVE-2026-40978 | HIGH | SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs | 0.3%
CVE-2025-22233 | LOW | Spring Framework DataBinder Case Sensitive Match Exception | 0.3%
CVE-2026-22731 | HIGH | Authentication Bypass under Actuator Health groups paths | 0.3%
CVE-2026-40988 | HIGH | Unbounded DEFLATE Inflation in SAML 2.0 Service Provider | 0.3%
CVE-2026-41721 | MEDIUM | Spring Data Commons Denial of Service via Data Binding | 0.3%
CVE-2026-41717 | HIGH | Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding | 0.3%
CVE-2026-41848 | LOW | Spring Framework Denial of Service via AntPathMatcher | 0.3%
CVE-2026-41841 | MEDIUM | Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux | 0.3%
CVE-2026-41728 | HIGH | Spring Data REST JSON Patch bypasses Jackson read-only property protection on nested objects and collections | 0.3%
CVE-2026-41007 | HIGH | Spring HATEOAS heap exhaustion through unbounded internal caching | 0.3%
CVE-2026-41726 | MEDIUM | In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header | 0.3%
CVE-2026-41711 | MEDIUM | Potential Denial of Service through crafted Sort Parameters | 0.3%
CVE-2026-41710 | MEDIUM | Cache Exhaustion in Stateful Retries leads to Denial of Service | 0.3%
CVE-2026-41708 | HIGH | Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability | 0.3%