CVE-2026-41840

Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVE-2026-41853

CVE-2026-41853 concerns Multipart request smuggling in Spring Framework’s Spring MVC and WebFlux components. Affected are Spring Framework versions: 7.0.0–7.0.7; 6.2.0–6.2.18; 6.1.0–6.1.27; 5.3.0–5.3.48. The CVE entry identifies the issue as a vulnerability in multipart handling, with an accompan...

CVE-2026-41853 Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

EUVD-2026-35335

Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48...

CVE-2026-41847

Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48...

CVE-2026-41844 Spring Framework Open Redirect in Spring MVC and WebFlux

A Spring MVC or Spring WebFlux application which configures a mapping for "/" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring Framework 7.0.0 through...

CVE-2026-41843

CVE-2026-41843 affects Spring Framework, specifically Spring MVC and WebFlux, where path traversal can occur when resolving static resources. Affected versions include 7.0.0–7.0.7, 6.2.0–6.2.18, 6.1.0–6.1.27, and 5.3.0–5.3.48. The connected documents confirm the vulnerability class as path traver...

CVE-2026-41843 Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVE-2026-41843 Spring Framework Path Traversal via Versioned Static Resources in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVE-2026-41842 Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux

Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

EUVD-2026-35328

Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

CVE-2026-41840

Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

EUVD-2026-35327

Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

PT-2026-47658

Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48...

UBUNTU-CVE-2026-41840

Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

PT-2026-47651

Spring WebFlux applications are vulnerable to Denial of Service DoS attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

UBUNTU-CVE-2026-41847

Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48...

ROOT-APP-MAVEN-CVE-2024-38819 CVE-2024-38819 in io.root.org.springframework:spring-webflux - Patched by Root

Root has patched CVE-2024-38819 in the io.root.org.springframework:spring-webflux package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2024-38816 CVE-2024-38816 in io.root.org.springframework:spring-webflux - Patched by Root

Root has patched CVE-2024-38816 in the io.root.org.springframework:spring-webflux package for Root:Maven. Multiple fixed versions available...

Security Bulletin: Vulnerabilities in Spring WebFlux, Jenkins, Spring Securiy, Spring Framework, and Node.js lodash might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in Spring WebFlux, Jenkins, Spring Securiy, Spring Framework, and Node.js lodash. Vulnerabilities include an attacker, local attacker, remote attacker and authenticated attacker could exploit these vulnerabilitie...