CVE-2026-41849
Spring Framework Denial of Service via Integer Overflow in SpEL Expressions
An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service (DoS).
Affected versions:
Spring Framework 5.3.0 through 5.3.48.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Produtos afetados
Spring · Spring FrameworkQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →Referências
https://spring.io/security/cve-2026-41849