Vulnerabilities in Spring
149 results

CVE-2026-40974 [MEDIUM] Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affecte (EPSS 0.2%)
CVE-2026-41701 [MEDIUM] In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues (EPSS 0.2%)
CVE-2026-41008 [MEDIUM] Spring Security Authorization Server Open Redirect via request_uri (EPSS 0.2%)
CVE-2026-41715 [MEDIUM] Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect (EPSS 0.2%)
CVE-2026-41838 [MEDIUM] Spring Framework Predictable Session ID in WebSocket Module (EPSS 0.2%)
CVE-2026-40968 [MEDIUM] Spring gRPC SecurityContext leaks across requests on authorization failure (EPSS 0.2%)
CVE-2026-41004 [MEDIUM] When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3. (EPSS 0.2%)
CVE-2026-41847 [MEDIUM] Spring Framework Security Filter Bypass in WebFlux Kotlin Router DSL (EPSS 0.2%)
CVE-2026-41852 [LOW] Spring Framework Arbitrary Method Invocation in SpEL Expressions (EPSS 0.2%)
CVE-2026-41845 [HIGH] Spring Framework Cross-site Scripting via JavaScriptUtils (EPSS 0.2%)
CVE-2026-40971 [MEDIUM] When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to th (EPSS 0.2%)
CVE-2026-40995 [MEDIUM] X.509 authentication bypasses Spring Security account checks (EPSS 0.1%)
CVE-2026-41846 [MEDIUM] Spring Framework Cross-site Scripting via JSP Form Tags (EPSS 0.1%)
CVE-2026-47825 [HIGH] Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations (EPSS 0.1%)
CVE-2026-41694 [LOW] SAML Payloads Decrypted Without Valid Signature (EPSS 0.1%)
CVE-2026-40973 [HIGH] A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.se (EPSS 0.1%)
CVE-2026-40970 [MEDIUM] When configured to use an SSL bundle, Spring Boot's Elasticsearch auto-configuration does not perform hostname verification when connecting (EPSS 0.1%)
CVE-2026-41844 [MEDIUM] Spring Framework Open Redirect in Spring MVC and WebFlux (EPSS 0.1%)
CVE-2026-41714 [MEDIUM] In Spring AMQP the RabbitConnectionFactoryBean.setUri("amqps://...") bypasses secure SSL setup, uses TrustEverythingTrustManager (EPSS 0.1%)
CVE-2026-40996 [MEDIUM] Inbound WS-Security allows RSA PKCS#1 v1.5 key transport by default (EPSS 0.1%)