CVE-2026-22741

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

CVE-2026-22741

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

CVE-2026-22741 Static resource cache poisoning in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

CVE-2026-22741

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

CVE-2026-22741 Static resource cache poisoning in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

EUVD-2026-26206

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the application is configuring the resource chain support...

CVE-2026-22741

CVE-2026-22741 – cache poisoning in static resources (Spring MVC/WebFlux) . When an app uses Spring MVC/WebFlux with resource chain caching enabled and encoded resource resolution, and the resource cache is empty, an attacker can poison the cache by sending crafted requests with incorrect encodin...

Cache Poisoning

Spring MVC and WebFlux are vulnerable to Cache Poisoning. The vulnerability is due to improper handling of encoded resource resolution when resource chain caching is enabled, allowing attackers to store incorrectly encoded resources in the cache, which can break frontend asset delivery and lead t...

CLSA-2026-1777287060 bind: Fix of CVE-2025-40778

CVE-2025-40778: reject forged records in answer sections to prevent cache poisoning via crafted responses - build tests improved...

GHSA-J7RW-325J-2RMX Duplicate Advisory: Grav has Insecure Deserialization in File Cache

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwfr-jfjf-92vv. This link is maintained to preserve external references. Original Description A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function...

Duplicate Advisory: Grav has Insecure Deserialization in File Cache

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwfr-jfjf-92vv. This link is maintained to preserve external references. Original Description A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function...

PT-2026-38907

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the RxRPC subsystem of the Linux kernel involving the incorrect handling of fragmented packets and data copying mechanisms in socket buffers. Specifically, the...

PT-2026-35908

Name of the Vulnerable Software and Affected Versions Spring MVC affected versions not specified Spring WebFlux affected versions not specified Description Applications using Spring MVC or Spring WebFlux are susceptible to cache poisoning during the resolution of static resources. This occurs whe...

SUSE CVE-2026-41425

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.11, there is no CSRF protection on the cache feature in authlib.integrations.starletteclient.OAuth. This vulnerability is fixed in 1.6.11...

GHSA-88HF-WF7H-7W4M OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure

Summary The Zipkin exporter remote endpoint cache accepted unbounded key growth derived from span attributes. In high-cardinality scenarios, this could increase process memory usage over time and degrade availability. Details - Introduce a bounded, thread-safe LRU cache for remote endpoints. -...

Allocation of Resources Without Limits or Throttling

Overview OpenTelemetry.Exporter.Zipkin is a Zipkin Exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to unbounded growth of the remote endpoint cache derived from span attributes. An attacker can cause...

OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure

Summary The Zipkin exporter remote endpoint cache accepted unbounded key growth derived from span attributes. In high-cardinality scenarios, this could increase process memory usage over time and degrade availability. Details - Introduce a bounded, thread-safe LRU cache for remote endpoints. -...

Use of Cache Containing Sensitive Information

Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...

GHSA-35HP-HQMV-8QG8 Fiber's cache middleware default key generator ignores query string, causing response mix-up across distinct query parameters

Summary Fiber cache middleware's default key generator uses only c.Path and does not include the query string. As a result, requests like /?id=1 and /?id=2 can map to the same cache key and share the same cached response. This can cause response mix-up cache poisoning-like behavior for endpoints...

Use of Cache Containing Sensitive Information

Overview Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to the default KeyGenerator process in the cache middleware not including query parameters when generating cache keys. An attacker can access or cause exposure of user-specific or...