Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2026/05/14 10:2 a.m.17 views

CVE-2026-40976

A flaw was found in Spring Boot. Under specific conditions, including being a servlet-based web application without custom Spring Security configuration and relying on the default web security filter chain, a remote attacker could bypass security. This allows unauthorized access to all applicatio...

9.1CVSS5.8AI score0.00489EPSS
Exploits0References4
cve
cve
added 2026/04/27 11:34 p.m.279 views

CVE-2026-40976

CVE-2026-40976 affects Spring Boot 4.0.0–4.0.5. In vulnerable configurations, a servlet-based web application that relies on Spring Boot’s default web security (no custom Spring Security config), depends on spring-boot-actuator-autoconfigure, and does not rely on spring-boot-health can experience...

9.1CVSS5.3AI score0.00489EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/04/27 11:34 p.m.3 views

CVE-2026-40976

In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter...

9.1CVSS6AI score0.00489EPSS
Exploits0References6
snyk
snyk
added 2026/04/23 12:0 a.m.4 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization causing web security to be ineffective and allowing unauthorized access to all endpoints. Note: This is only exploitable if the following conditions are met: - the application is servlet-based; - the application ha...

9.3CVSS5.4AI score0.00489EPSS
Exploits0References2
Rows per page
Query Builder