EUVD-2026-35334

🗓️ 09 Jun 2026 03:50:56Reported by EUVDType

Spring Framework form tags allow HTML/JavaScript in css attributes, enabling cross site scripting.

Reporter	Title	Published	Views	Family All 4
CVE	CVE-2026-41846	9 Jun 202603:50	–	cve
Cvelist	CVE-2026-41846 Spring Framework Cross-site Scripting via JSP Form Tags	9 Jun 202603:50	–	cvelist
NVD	CVE-2026-41846	9 Jun 202605:16	–	nvd
Positive Technologies	PT-2026-47657	9 Jun 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "6a5c4377-8be7-3200-9ae3-99854be15085",
        "vendor": {
          "name": "Spring"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "097e7f90-3ea6-3b62-bb5e-a2c4828073eb",
        "product": {
          "name": "Spring Framework",
          "vendor": {
            "name": "VMware"
          }
        },
        "product_version": "7.0.0 <7.0.8"
      },
      {
        "id": "a0449254-425c-3827-a696-e023173668e0",
        "product": {
          "name": "Spring Framework",
          "vendor": {
            "name": "VMware"
          }
        },
        "product_version": "6.1.0 <6.1.28"
      },
      {
        "id": "c3a201dd-95e4-3834-801f-95b7e6023495",
        "product": {
          "name": "Spring Framework",
          "vendor": {
            "name": "VMware"
          }
        },
        "product_version": "6.2.0 <6.2.19"
      },
      {
        "id": "c492604e-5281-35bd-9dd1-6835301c93d9",
        "product": {
          "name": "Spring Framework",
          "vendor": {
            "name": "VMware"
          }
        },
        "product_version": "5.3.0 <5.3.49"
      }
    ]
  }
]

Source	Link
spring	www.spring.io/security/cve-2026-41846

09 Jun 2026 03:50Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.15.9