Security Bulletin: Due to use of spring-webmvc-6.2.17.jar, IBM Sterling Connect:Direct Web Services is vulnerable to cache poisoning when resolving static resources.

Summary spring-webmvc-6.2.17.jar is used by IBM Sterling Connect:Direct Web Services CVE-2026-22741. Vulnerability Details CVEID:CVE-2026-22741 DESCRIPTION: Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be...

ROOT-APP-MAVEN-CVE-2023-20860 CVE-2023-20860 in io.root.org.springframework:spring-webmvc - Patched by Root

Root has patched CVE-2023-20860 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...

Security Bulletin: Maximo AI Service uses uuid-11.1.0.tgz and spring-webmvc-6.2.17.jar which are vulnerable to CVE-2026-41988 and CVE-2026-22741.

Summary Maximo AI Service uses uuid-11.1.0.tgz and spring-webmvc-6.2.17.jar which are vulnerable to CVE-2026-41988 and CVE-2026-22741. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-22741 DESCRIPTION: Spring MVC and WebFlux...

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.7.4) +1788 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=7.0.0 <=7.0.6)

org.springframework:spring-webmvc MAVEN version =7.0.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =0.1.1, =0.2.0, =0.5.0, =0.7.0, =0.5.0, =0.5.0, =0.7.5 and more Source cves: CVE-2026-22741 Source advisory: OSV:GHSA-WG35-8JPF-2XV3...

RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.6) +25511 more potentially affected by CVE-2026-22745 via org.springframework:spring-webmvc (>=1.2.1 <=5.3.4)

org.springframework:spring-webmvc MAVEN version =1.2.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.0, =0.0.12, =0.1.15 and more Source cves: CVE-2026-22745 Source advisory: OSV:GHSA-6P4F-WCWH-5VVM...

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.4.0) +4585 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=6.1.0 <=6.1.21)

org.springframework:spring-webmvc MAVEN version =6.1.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =cloud-0.1, =cloud-0.2.1 and more Source cves: CVE-2026-22741 Source advisory: OSV:GHSA-WG35-8JPF-2XV3...

ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.telosforge:kimaira-starter-dms (>=1.2.4 <=1.2.6) +5034 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=6.2.0 <=6.2.17)

org.springframework:spring-webmvc MAVEN version =6.2.0, =0.5.0, =1.2.4, =1.2.4, =1.17.0, =0.3.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.8.1 and more Source cves: CVE-2026-22741 Source advisory: OSV:GHSA-WG35-8JPF-2XV3...

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.7.4) +1788 more potentially affected by CVE-2026-22745 via org.springframework:spring-webmvc (>=7.0.0 <=7.0.6)

org.springframework:spring-webmvc MAVEN version =7.0.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0, =2.0.0, =0.1.1, =0.2.0, =0.5.0, =0.7.0, =0.5.0, =0.5.0, =0.7.5 and more Source cves: CVE-2026-22745 Source advisory: OSV:GHSA-6P4F-WCWH-5VVM...

ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.telosforge:kimaira-starter-dms (>=1.2.4 <=1.2.6) +5034 more potentially affected by CVE-2026-22745 via org.springframework:spring-webmvc (>=6.2.0 <=6.2.17)

org.springframework:spring-webmvc MAVEN version =6.2.0, =0.5.0, =1.2.4, =1.2.4, =1.17.0, =0.3.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.8.1 and more Source cves: CVE-2026-22745 Source advisory: OSV:GHSA-6P4F-WCWH-5VVM...

RPD:bmc-rpd (=1.1), aendter.jenkins.plugins:filesystem-list-parameter-plugin (>=0.0.1 <=0.0.6) +25511 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=1.2.1 <=5.3.4)

org.springframework:spring-webmvc MAVEN version =1.2.1, =0.0.1, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.0, =0.0.12, =0.1.15 and more Source cves: CVE-2026-22741 Source advisory: OSV:GHSA-WG35-8JPF-2XV3...

ROOT-APP-MAVEN-CVE-2026-22737 CVE-2026-22737 in io.root.org.springframework:spring-webmvc - Patched by Root

Root has patched CVE-2026-22737 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...

ROOT-APP-MAVEN-CVE-2025-41242 CVE-2025-41242 in io.root.org.springframework:spring-webmvc - Patched by Root

Root has patched CVE-2025-41242 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available...

HTTP Request Smuggling

Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to HTTP Request Smuggling via the static...

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.6.0) +9908 more potentially affected by CVE-2026-22737 via org.springframework:spring-webmvc (>=6.0.0 <=6.2.16)

org.springframework:spring-webmvc MAVEN version =6.0.0, =0.2.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.8.7 and more Source cves: CVE-2026-22737 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-15701845...

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +1532 more potentially affected by CVE-2026-22737 via org.springframework:spring-webmvc (>=7.0.0-M1 <=7.0.5)

org.springframework:spring-webmvc MAVEN version =7.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0-beta-1, =0.1.1, =0.2.0, =0.5.0, =0.7.0, =0.5.0, =0.5.0, =0.7.5 and more Source cves: CVE-2026-22737 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-15701845...

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +1532 more potentially affected by CVE-2026-22735 via org.springframework:spring-webmvc (>=7.0.0-M1 <=7.0.5)

org.springframework:spring-webmvc MAVEN version =7.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0-beta-1, =0.1.1, =0.2.0, =0.5.0, =0.7.0, =0.5.0, =0.5.0, =0.7.5 and more Source cves: CVE-2026-22735 Source advisory: OSV:GHSA-6HCQ-HMM3-JJ3C...

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-codes-api (>=1.1.0 <=1.2.0) +10609 more potentially affected by CVE-2026-22735 via org.springframework:spring-webmvc (>=5.3.0 <=5.3.39)

org.springframework:spring-webmvc MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.2, =j11.2.6.0, =j11.2.6.0, =j11.2.6.0, =j11.2.6.2 and more Source cves: CVE-2026-22735 Source advisory: OSV:GHSA-6HCQ-HMM3-JJ3C...

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.4.0) +6419 more potentially affected by CVE-2026-22737 via org.springframework:spring-webmvc (>=6.0.0 <=6.1.21)

org.springframework:spring-webmvc MAVEN version =6.0.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =cloud-0.1, =cloud-0.2.1 and more Source cves: CVE-2026-22737 Source advisory: OSV:GHSA-4773-3JFM-QMX3...

ai.ancf.lmos:lmos-operator (>=0.5.0 <=0.6.0), ai.telosforge:kimaira-starter-dms (>=1.2.4 <=1.2.6) +4858 more potentially affected by CVE-2026-22737 via org.springframework:spring-webmvc (>=6.2.0 <=6.2.16)

org.springframework:spring-webmvc MAVEN version =6.2.0, =0.5.0, =1.2.4, =1.2.4, =1.17.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.6.0, =8.8.1 and more Source cves: CVE-2026-22737 Source advisory: OSV:GHSA-4773-3JFM-QMX3...

africa.absa:inception-api (>=1.1.0 <=1.2.0), africa.absa:inception-codes-api (>=1.1.0 <=1.2.0) +10609 more potentially affected by CVE-2026-22737 via org.springframework:spring-webmvc (>=5.3.0 <=5.3.39)

org.springframework:spring-webmvc MAVEN version =5.3.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =4.4.0.2, =j11.2.6.0, =j11.2.6.0, =j11.2.6.0, =j11.2.6.2 and more Source cves: CVE-2026-22737 Source advisory: OSV:GHSA-4773-3JFM-QMX3...