This Week in Spring - June 30th, 2026
Hi, Spring fans! Welcome to another installment of This Week in Spring , a weekly recap in which we review the latest and greatest in the wide and wonderful world of Spring. You probably already knew this. I don't know if I needed to mention it. But I like to. I've been doing this every week,...
A Bootiful Podcast: My friend Francesco Ciulla on developer advocacy and more
Hi Spring fans! In this installment we talk to my friend Francesco Ciulla about the art of developer advocacy and more. Francesco Ciulla is the Head of DevRel Engineering at zerops.io...
This Week in Spring - June 23rd, 2026
Hi Spring fans! In this installment, we look at the wide and wonderful world of Spring, as usual, and there's a good amount to get to, fresh off the recent Spring Boot 4.1 generation release train, so let's dive right into it! I wrote a blog post looking at Spring Batch, MongoDB, and Spring Boot...
Self-Correcting Structured Output in Spring AI 2.0
Large language models are text-in, text-out systems — their interface is natural language. Natural language is a great interface for humans and a poor one for software. The moment downstream code needs to route on a field, persist a value, or branch on a result, the conversation has to become a...
MongoDB-backed Spring Batch jobs and more in Spring Boot 4.1
Spring Batch was introduced many years before MongoDB existed, and its design assumed the presence of a SQL database in which to store the state of Spring Batch jobs. But that was decades ago, and a common question for anyone new to Spring Batch was, "Why does this thing need to talk to a SQL...
A Bootiful Podcast: DaShaun Carter on patching, Spring Boot 4.1, and security in the world of AI
Hi Spring fans! In this installment I have the privilege to sit down with my friend DaShaun Carter to talk about patching, Spring Boot 4.1, and security in the world of AI...
This Week in Spring - June 16th, 2026
Hi Spring fans! Welcome to another installment of This Week in Spring! I'm writing this from the oh-so-delightful and delicious! city of New Delhi, India. It's been a real privilege to come and visit so many amazing people. Last night my friend DaShaun and I presented here at the local Delhi JUG,...
Tool Calling in Spring AI 2.0: A Composable, Agentic Architecture
Tool calling — the ability for an AI model to invoke application-defined functions and act on the results — is the essential building block of agentic AI systems. A model that can discover information, take action, and loop until a goal is reached is an agent. Spring AI 2.0 rearchitects tool...
CVE-2026-47835: Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores
In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB...
A Bootiful Podcast: Spring Security lead Rob Winch answers some security questions for me
Hi Spring and security fans! I got the legendary Spring Security lead Rob Winch to answer some of my burning security questions for us! Also: make sure you're downloading all the updates for the new Spring releases this week, the week of June 11th, 2026, or later...
CVE-2026-41708: Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability
In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true:...
CVE-2026-47825: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers...
CVE-2026-41862: Kryo deserialization of persisted context without class allowlist
Spring Statemachine's Kryo-based persistence backends (JPA, MongoDB, Redis and ZooKeeper) deserialise persisted state-machine contexts without enforcing a class allowlist (CWE-502, deserialisation of untrusted data), which can lead to remote code execution inside the application JVM...
CVE-2026-41001: Predictable Temp Directory in Artemis Auto-configuration
Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...
CVE-2026-41699: Unsafe Deserialization in Spring GraphQL
Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. More precisely, an application is vulnerable when all the following are true: When all the conditions above are met, an attacker can craft a malicious GraphQL request that can lead ...
CVE-2026-41700: Cross-Site WebSocket Hijacking in Spring for GraphQL
Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. More precisely, an application is vulnerable when all the following are true: When all the conditions above are met, an attacker can trick an authenticated user into visitin...
CVE-2026-41856: Spring GraphQL Annotation Detection Vulnerability
The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. Spring for GraphQL applications are vulnerable when all the...
CVE-2026-40997: SOAP security faults leak Spring Security account state
Several Spring WS integration paths with Spring Security could surface detailed account state (for example, locked or disabled user semantics) to remote SOAP clients through exception messages or callback outcomes, instead of failing with generic authentication errors. That behavior assists remote...
CVE-2026-40986: Spring Web Flow JS RemotingHandler renders non-HTML Response as HTML
Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can result in a scripting attack in the user's browser if the error response from the server contains error details with input reflected from an attacker...
CVE-2026-40999: Spring WS SSRF via unvalidated WS-Addressing reply destinations
When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. A remo...
CVE-2026-40992: Mail Auto-Configuration Does Not Enable SSL Hostname Verification
Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true , are not affected...
CVE-2026-41000: WSS4J validation does not use configured replay cache
Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be...
CVE-2026-40985: Data Binding Vulnerability in Spring Web Flow with Unified EL Parser
Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Pre-conditions:...
CVE-2026-40987: Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization
A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem outside the configured local-directory with attacker-controlled content...
CVE-2026-40994: Wss4jSecurityInterceptor disables WS-I BSP validation by default
Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData, contradicting the intended secure default and published setter contract. Services that validate WS-Security on the network could...
CVE-2026-40995: X.509 authentication bypasses Spring Security account checks
X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle checks (disabled, locked, expired, or credentials-expired accounts). That behavior applied to users...
CVE-2026-40996: Inbound WS-Security allows RSA PKCS#1 v1.5 key transport by default
Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS#1 v1.5 (rsa-15) encrypted key material unless operators explicitly reconfigured the flag,...
CVE-2026-40998: Jaxp13 XPath XXE via StreamSource and SAXSource
Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK’s default DocumentBuilderFactory behavior instead of Spring’s hardened parser configuration. Applications that evaluate XPath against untrusted...
CVE-2026-41003: Unencoded HTML Outputs in Spring Security May Allow Cross-Site Scripting
An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters...
CVE-2026-41706: Open Redirect When Using CookieRequestCache
Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL including scheme, host, and port ...
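The failure mode above is treating a URL read back from a browser cookie as a trusted redirect target. The check below is an added illustration, not Spring Security's own code: it keeps only the path, query and fragment of the stored URL, accepts an absolute URL only when its host (including port) matches the host the current request came in on, and collapses anything else (a foreign host, a protocol-relative `//host` value, a non-HTTP scheme, or a backslash-prefixed path that browsers would read as an authority) to a fixed default. The host names and the default target are assumed for the example.

```python
"""Same-origin filter for a redirect target recovered from a cookie.

Added example, not Spring Security code. Only the path, query and fragment
of the stored value are ever honoured; an absolute URL is accepted only when
its authority equals the host the request arrived on.
"""
from urllib.parse import urlsplit, urlunsplit

DEFAULT_TARGET = "/"          # assumption: where to send the user when the stored URL is rejected


def safe_redirect_target(stored: str, expected_host: str) -> str:
    """Return a relative, same-origin redirect target derived from `stored`.

    `expected_host` is the Host the current request was received on, with
    port if one is present, e.g. "app.example.com" or "app.example.com:8443".
    """
    try:
        parts = urlsplit(stored.strip())
    except ValueError:            # e.g. malformed IPv6 brackets
        return DEFAULT_TARGET

    # A scheme other than http(s) (javascript:, data:, ...) is never a redirect target.
    if parts.scheme and parts.scheme not in ("http", "https"):
        return DEFAULT_TARGET

    # An absolute or protocol-relative URL must name exactly the expected host.
    if parts.netloc and parts.netloc.lower() != expected_host.lower():
        return DEFAULT_TARGET

    path = parts.path or "/"
    # Relative targets must be rooted with a single "/"; "//" and "/\" are read
    # by browsers as the start of an authority section and would leave the origin.
    if (not path.startswith("/") or path.startswith("//")
            or path.startswith("/\\") or "\\" in path):
        return DEFAULT_TARGET

    # Re-emit without scheme or authority, so the browser stays on the current origin.
    return urlunsplit(("", "", path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed sample values for a site served as app.example.com.
    for candidate in ("https://app.example.com/account?tab=1",
                      "/dashboard",
                      "https://evil.example/steal",
                      "//evil.example/steal",
                      "/\\evil.example",
                      "javascript:alert(1)"):
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate, 'app.example.com')!r}")
```

Storing only the relative part in the cookie in the first place removes the problem at the source; the filter is the defence for values that are already in users' browsers.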
CVE-2026-41714: In Spring AMQP the `RabbitConnectionFactoryBean.setUri("amqps://...")` bypasses secure SSL setup, uses `TrustEverythingTrustManager`
Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also calling setUseSSL(true) get TLS encryption with no certificate validation and no hostname verification...
CVE-2026-40988: Unbounded DEFLATE Inflation in SAML 2.0 Service Provider
An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory...
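The REDIRECT binding carries the SAML message as raw DEFLATE (RFC 1951) output, base64-encoded and then URL-encoded into the query string, so a few kilobytes of query string can inflate to many megabytes. The block below is an added illustration, not Spring Security's code: it shows the unbounded inflate next to a capped one that stops reading once the output would cross a limit. The 256 KiB cap and the sample messages are assumptions for the example.

```python
"""Bounded inflation of a SAML 2.0 HTTP-Redirect binding payload.

Added example, not Spring Security code. A REDIRECT-binding SAMLRequest or
SAMLResponse is raw DEFLATE, then base64 (URL-encoding is left out here).
Inflating without a ceiling lets a tiny parameter expand into a huge buffer.
"""
import base64
import zlib

MAX_INFLATED_BYTES = 256 * 1024   # assumption: comfortably above any real SAML message


class PayloadTooLarge(ValueError):
    """Raised when the inflated payload exceeds the cap or the stream is incomplete."""


def encode_redirect_payload(xml: bytes) -> str:
    """Compress the way the REDIRECT binding does: raw DEFLATE, then base64."""
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)   # wbits -15: raw DEFLATE, no zlib header
    return base64.b64encode(compressor.compress(xml) + compressor.flush()).decode("ascii")


def inflate_unbounded(b64: str) -> bytes:
    """The vulnerable pattern: inflate everything the sender chose to encode."""
    return zlib.decompress(base64.b64decode(b64), -15)


def inflate_bounded(b64: str, limit: int = MAX_INFLATED_BYTES) -> bytes:
    """Inflate at most `limit` bytes; refuse the payload if it would produce more.

    decompressobj.decompress(data, max_length) stops producing output at
    max_length bytes and parks the rest of the input in unconsumed_tail, so
    the attacker's full output size is never materialised.
    """
    decompressor = zlib.decompressobj(-15)
    out = decompressor.decompress(base64.b64decode(b64), limit + 1)
    # Over the cap, input left over, or no end-of-stream marker: reject.
    if len(out) > limit or decompressor.unconsumed_tail or not decompressor.eof:
        raise PayloadTooLarge(f"inflated payload exceeds {limit} bytes or is incomplete")
    return out


if __name__ == "__main__":
    # Constructed inputs: a small AuthnRequest and a 4 MiB highly compressible blob.
    small = b'<samlp:AuthnRequest ID="_1"/>'
    bomb = b"A" * (4 * 1024 * 1024)
    for label, message in (("small", small), ("bomb", bomb)):
        encoded = encode_redirect_payload(message)
        print(f"{label}: {len(encoded)} base64 chars on the wire, "
              f"{len(inflate_unbounded(encoded))} bytes if inflated without a cap")
        try:
            inflate_bounded(encoded)
            print(f"{label}: accepted by the bounded inflater")
        except PayloadTooLarge as exc:
            print(f"{label}: rejected by the bounded inflater ({exc})")
```

The same cap belongs on every place a request-supplied compressed value is inflated, and it should be applied before any XML parsing, since the parser would otherwise be the next thing to receive the oversized document.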
CVE-2026-41694: SAML Payloads Decrypted Without Valid Signature
Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle...
CVE-2026-41726: In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header
When an application opts into DelegatingDeserializer , a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError . Only deployments that explicitly configured...
CVE-2026-41695: Denial of Service in Spring Data Commons Property Path Resolution
Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Specifically, an application is vulnerable when all of the following are true: Spring Data...
CVE-2026-40993: Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry
An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials (verification_credentials and...
CVE-2026-47838: Unauthorized User Impersonation when Using X.509 Client Certificates
This CVE is a continuation of CVE-2026-22747 , which addressed this same issue for Spring Security 7.0.x. SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted...
CVE-2026-41727: In Spring for Apache Kafka, forged retry topic headers subvert retry routing and backoff behavior
Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retry_topic-attempts header to supply an out-of-range attempt count and cause the retry topic router to misidentify where the...
CVE-2026-41731: In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization
JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Combined with Jackson's default bean deserialization, a producer could supply crafted...
CVE-2026-41716: Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names
Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected applications are those using Spring Data features that forward HTTP-supplied strings to PropertyPath.from without prio...
CVE-2026-41711: Potential Denial of Service through crafted Sort Parameters
Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. This issue can occur if an application explicitly exposes an endpoint that accepts Sort parameters from untrusted sources and passes them on...
CVE-2026-41719: Spring Data KeyValue - SpEL Injection vulnerability in SpelPropertyComparator
A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator . The application is vulnerable if all conditions below are true:...
CVE-2026-41730: Spring Data REST exposes persistence-layer internals in error responses
Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected applications are those that expose a Spring Data REST repository backed by a relational JDBC/JPA store and do not apply additional...
CVE-2026-41837: Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys
Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl...
CVE-2026-41717: Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding
Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated with @Query and utilizes a capture-all placeholder. The application is vulnerable if all conditions...
CVE-2026-41697: Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern
Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example (QBE). If an application actively wires externally-controlled input into a QBE probe, an attacker can supply wildcard characters...
CVE-2026-41721: Spring Data Commons Denial of Service via Data Binding
Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate...
CVE-2026-41729: Spring Data REST SpEL Injection via Map Key in JSON Patch
Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-typed property, the JSON Pointer path segment used as the map key is embedded directly into a SpEL...
CVE-2026-41728: Spring Data REST JSON Patch bypasses Jackson read-only property protection on nested objects and collections
Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected applications are those whose domain model includes an embeddable object, collection, or map property...
CVE-2026-40991: XML External Entity (XXE) injection when documenting untrusted XML content
When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...