CVE-2026-41007 Spring HATEOAS heap exhaustion through unbounded internal caching

Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3...

CVE-2026-41007

Technical details are not publicly available in the provided documents. Monitor for updates.

CVE-2026-41007 Spring HATEOAS heap exhaustion through unbounded internal caching

Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3...

EUVD-2026-35346

Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3...

EUVD-2026-35339

Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

CVE-2026-41851

The CVE-2026-41851 entry describes a Denial of Service vulnerability in Spring Framework related to unbounded cache growth when evaluating user-supplied Spring Expression Language (SpEL) expressions. Affected are Spring Framework versions: 7.0.0–7.0.7, 6.2.0–6.2.18, 6.1.0–6.1.27, and 5.3.0–5.3.48...

CVE-2026-41851 Spring Framework Denial of Service via Unbounded Cache in SpEL

Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

CVE-2026-41851 Spring Framework Denial of Service via Unbounded Cache in SpEL

Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

CVE-2026-41841

CVE-2026-41841 affects Spring Framework versions 5.3.0–5.3.48; 6.1.0–6.1.27; 6.2.0–6.2.18; 7.0.0–7.0.7. It describes Information Disclosure via the static resource cache in Spring MVC and WebFlux when resolving static resources. The root cause and exact exploit path are not detailed in the provid...

CVE-2026-41841 Spring Framework Information Disclosure via Static Resource Cache in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVE-2026-41710

The CVE-2026-41710 issue affects Spring Retry versions 2.0.0–2.0.12 and 1.3.0–1.3.4. An attacker can craft a large number of unique requests that trigger failures, exhausting the application-wide stateful retry cache. Once the cache is full, it permanently rejects further updates, causing all lat...

CVE-2026-41710 Cache Exhaustion in Stateful Retries leads to Denial of Service

An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to...

EUVD-2026-35321

An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to...

CVE-2026-41710 Cache Exhaustion in Stateful Retries leads to Denial of Service

An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to...

PT-2026-47747

TYPO3's cache frontend VariableFrontend and persistent key-value store Registry deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the underlying storage backend cache store or sys registry database table could inject a crafted serialize...

PT-2026-47645

Spring HATEOAS maintains an unbounded static cache of StringLinkRelation instances keyed on attacker-supplied strings. Affected versions: Spring HATEOAS 1.5.0 through 1.5.6; 2.3.0 through 2.3.4; 2.4.0 through 2.4.1; 2.5.0 through 2.5.2; 3.0.0 through 3.0.3...

PT-2026-47646

An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to...

PT-2026-47753

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic its invalidate cache walks the per-ITS translation cache with xa for each and drops the cache's reference on each entry with vgic put irq. ...

Linux Distros Unpatched Vulnerability : CVE-2026-11329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the function generatehashkey of the file...

PT-2026-47662

Applications which accept user-supplied Spring Expression Language SpEL expressions may be vulnerable to a Denial of Service DoS attack if the evaluation of a SpEL expression triggers unbounded cache growth. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...