CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2026/06/09 5:16 a.m.•6 views

UBUNTU-CVE-2026-41850

Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or...

OSV•added 2026/06/09 5:16 a.m.•5 views

UBUNTU-CVE-2026-41849

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language SpEL. An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service DoS. Affected versions: Spring...

OSV•added 2026/06/09 5:16 a.m.•5 views

UBUNTU-CVE-2026-41851

Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

Debian CVE•added 2026/06/09 3:51 a.m.•7 views

CVE-2026-41852

A vulnerability in Spring Expression Language SpEL evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker to invoke unintended application logic. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2....

5.3CVSS5.6AI score0.00164EPSS

EUVD•added 2026/06/09 3:51 a.m.•8 views

EUVD-2026-35339

CVE•added 2026/06/09 3:51 a.m.•90 views

CVE-2026-41851

CVE-2026-41851 describes a Denial of Service risk in Spring Framework where evaluating user-provided SpEL expressions can trigger unbounded cache growth. Affected versions include Spring Framework 7.0.0–7.0.7, 6.2.0–6.2.18, 6.1.0–6.1.27, and 5.3.0–5.3.48. The DoS arises from how SpEL expressions ...

Debian CVE•added 2026/06/09 3:51 a.m.•6 views

CVE-2026-41851

Cvelist•added 2026/06/09 3:51 a.m.•41 views

CVE-2026-41851 Spring Framework Denial of Service via Unbounded Cache in SpEL

5.3CVSS0.0036EPSS

EUVD•added 2026/06/09 3:51 a.m.•12 views

EUVD-2026-35338

Cvelist•added 2026/06/09 3:51 a.m.•34 views

CVE-2026-41850 Spring Framework Algorithmic Denial of Service via SpEL Expressions

7.5CVSS0.0036EPSS

Debian CVE•added 2026/06/09 3:51 a.m.•6 views

CVE-2026-41850

CVE•added 2026/06/09 3:51 a.m.•121 views

CVE-2026-41850

Spring Framework vulnerability CVE-2026-41850 affects the evaluation of user-supplied Spring Expression Language (SpEL) expressions. The issue is an Algorithmic Denial of Service (DoS) caused by crafted expressions triggering excessive resource consumption during evaluation, degrading or taking d...

Vulnrichment•added 2026/06/09 3:51 a.m.•8 views

CVE-2026-41849 Spring Framework Denial of Service via Integer Overflow in SpEL Expressions

EUVD•added 2026/06/09 3:51 a.m.•8 views

EUVD-2026-35337

CVE•added 2026/06/09 3:51 a.m.•53 views

CVE-2026-41849

The CVE-2026-41849 entry affects Spring Framework 5.3.0–5.3.48 and is caused by an integer overflow in the SpEL evaluation logic. Exploitation via a crafted SpEL expression can trigger excessive resource consumption, leading to a Denial of Service. The connected documents specify the vulnerabilit...

Cvelist•added 2026/06/09 3:51 a.m.•35 views

CVE-2026-41848 Spring Framework Denial of Service via AntPathMatcher

3.7CVSS0.00317EPSS

EUVD•added 2026/06/09 3:51 a.m.•10 views

EUVD-2026-35336

3.7CVSS5.4AI score0.00317EPSS

CVE•added 2026/06/09 3:51 a.m.•72 views

CVE-2026-41848

CVE-2026-41848 affects Spring Framework via a ReDoS vulnerability in AntPathMatcher. Affected versions are 7.0.0–7.0.7, 6.2.0–6.2.18, 6.1.0–6.1.27, and 5.3.0–5.3.48. The issue arises when a crafted pattern is supplied to AntPathMatcher methods (match, matchStart, extractUriTemplateVariables). The...

7.5CVSS5.4AI score0.00317EPSS

Debian CVE•added 2026/06/09 3:51 a.m.•9 views

CVE-2026-41848

7.5CVSS5.4AI score0.00317EPSS