CVE-2026-41701 In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues

🗓️ 09 Jun 2026 23:47:54Reported by vmwareType

CVE-2026-41701: Spring AMQP correlation IDs on fixed reply queues are predictable, enabling reply poisoning.

Reporter	Title	Published	Views	Family All 8
CNNVD	VMware Spring AMQP 安全特征问题漏洞	10 Jun 202600:00	–	cnnvd
CVE	CVE-2026-41701	9 Jun 202623:47	–	cve
EUVD	EUVD-2026-35895	10 Jun 202600:31	–	euvd
NVD	CVE-2026-41701	10 Jun 202600:16	–	nvd
Positive Technologies	PT-2026-48314	9 Jun 202600:00	–	ptsecurity
Snyk	Insecure Randomness	10 Jun 202601:13	–	snyk
Spring Security Advisories	CVE-2026-41701: In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues	9 Jun 202600:00	–	spring
Vulnrichment	CVE-2026-41701 In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues	9 Jun 202623:47	–	vulnrichment

[
  {
    "vendor": "Spring",
    "product": "Spring AMQP",
    "versions": [
      {
        "status": "affected",
        "version": "4.0.0",
        "lessThan": "4.0.3.1",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "3.2.0",
        "lessThan": "3.2.10.1",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "3.1.0",
        "lessThan": "3.1.16",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "2.4.0",
        "lessThan": "2.4.18",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
spring	www.spring.io/security/cve-2026-41701

23 Jun 2026 20:48Current

CVSS 3.14.4

EPSS0.00173

CWE-330