EUVD-2026-35883

🗓️ 10 Jun 2026 00:31:51Reported by EUVDType

Security Assertion Language Redirect binding DoS via unbounded writer inflating payload.

Reporter	Title	Published	Views	Family All 5
Circl	CVE-2026-40988	10 Jun 202605:00	–	circl
CVE	CVE-2026-40988	9 Jun 202623:46	–	cve
Cvelist	CVE-2026-40988 Unbounded DEFLATE Inflation in SAML 2.0 Service Provider	9 Jun 202623:46	–	cvelist
NVD	CVE-2026-40988	10 Jun 202600:16	–	nvd
Positive Technologies	PT-2026-48305	9 Jun 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "cedfd587-e225-3484-9be3-3a0b57c1567e",
        "vendor": {
          "name": "Spring"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "35b5c940-ae3e-3c65-8caf-3287a0054ba0",
        "product": {
          "name": "Spring Security",
          "vendor": {
            "name": "Spring"
          }
        },
        "product_version": "6.4.0 <6.4.17"
      },
      {
        "id": "603aadff-0808-3959-b7ac-5debe969da75",
        "product": {
          "name": "Spring Security",
          "vendor": {
            "name": "Spring"
          }
        },
        "product_version": "5.7.0 <5.7.24"
      },
      {
        "id": "7307487e-a491-3ff3-8190-8331ecbbdac8",
        "product": {
          "name": "Spring Security",
          "vendor": {
            "name": "Spring"
          }
        },
        "product_version": "7.0.0 <7.0.6"
      },
      {
        "id": "966bc60b-e7ba-3609-9994-048ac6c002d9",
        "product": {
          "name": "Spring Security",
          "vendor": {
            "name": "Spring"
          }
        },
        "product_version": "5.8.0 <5.8.26"
      },
      {
        "id": "c1e9a3bd-a7ee-3837-8bf9-4f5aac008fd5",
        "product": {
          "name": "Spring Security",
          "vendor": {
            "name": "Spring"
          }
        },
        "product_version": "6.5.0 <6.5.11"
      },
      {
        "id": "c7054a4d-0b73-30cb-97ad-1b922e9b415c",
        "product": {
          "name": "Spring Security",
          "vendor": {
            "name": "Spring"
          }
        },
        "product_version": "6.3.0 <6.3.17"
      }
    ]
  }
]

Source	Link
spring	www.spring.io/security/cve-2026-40988
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-40988

10 Jun 2026 00:31Current

5.5Medium risk

Vulners AI Score5.5

CVSS 3.17.5