CVE-2026-22740

The CVE-2026-22740 issue affects Spring Framework WebFlux multipart request handling. The root cause is cleanup of temporary files created for parts larger than 10 KB, which in some cases are not deleted after the request completes, enabling an attacker to exhaust disk space (Denial of Service). ...

VMware Spring Framework 资源管理错误漏洞

VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware Corporation in the United States. This framework helps developers build high-quality applications. There is a resource management vulnerability in the VMware Spring Framework, which stems from a...

VMware Spring Framework 资源管理错误漏洞

VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, Inc. This framework helps developers build high-quality applications. There is a resource management vulnerability in the VMware Spring Framework, where temporary files created during processing...

PT-2026-35909

Name of the Vulnerable Software and Affected Versions Spring MVC affected versions not specified Spring WebFlux affected versions not specified Description Applications using Spring MVC or Spring WebFlux are susceptible to Denial of Service attacks when serving static resources from the file syst...

VMware Spring Framework 安全漏洞

VMware Spring Framework is an open-source Java/JavaEE application framework developed by VMware, a US-based company. This framework helps developers build high-quality applications. There is a security vulnerability in the VMware Spring Framework, which stems from caching malicious resources duri...

Spring gRPC AuthenticationException messages are reflected to remote client

The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC:...

GHSA-37W2-Q6VH-45V6 Spring gRPC AuthenticationException messages are reflected to remote client

The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC:...

GHSA-4G9C-3X4P-MFPP Spring gRPC SecurityContext leaks across requests upon authorization failure

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

CVE-2026-40968

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

EUVD-2026-26064

The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC:...

CVE-2026-40969 Spring gRPC AuthenticationException message reflected to remote client

The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC:...

CVE-2026-40968

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

CVE-2026-40968

CVE-2026-40968 affects Spring gRPC 1.0.0–1.0.2 (fixed in 1.0.3; older/unsupported versions also affected). The issue: when an authenticated user is denied access to a gRPC method, the user’s authenticated identity remains bound to a gRPC worker thread and can be inherited by a subsequent unauthen...

PT-2026-35740

The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks. Affected versions: Spring gRPC:...

PT-2026-35730

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in Spring

Summary There are vulnerabilities in Spring used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs CVE-2026-22732, CVE-2026-22735, CVE-2026-22737. Vulnerability Details CVEID:CVE-2026-22737 DESCRIPTION: Use of...

Improper Neutralization of Special Elements in Data Query Logic

Overview org.springframework.ai:spring-ai-mongodb-atlas-store is a Spring AI Vector Store - MongoDB Atlas Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter...

This Week in Spring - April 21st, 2026

Hi Spring fans! Welcome to another installment of This Week in Spring! What a week it's been since we last talked. I was in Barcelona, Spain, for the amazing Spring I/O event there. It has become my favorite show, full stop. Just such an amazing experience. So many wonderful things going on there...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Spring Framework MVC and WebFlux

Summary Due to use of Spring Framework MVC and WebFlux, DevOps Test Performance and Rational Performance Tester contain a potential stream corruption vulnerability. Vulnerability Details CVEID:CVE-2026-22735 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to stream corruption when...

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Spring Framework

Summary Due to use of the Spring Framework, DevOps Test Performance and Rational Performance Tester contain a potential path traversal vulnerability. Vulnerability Details CVEID:CVE-2026-22737 DESCRIPTION: Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and...