Search: Vmware, Spring Boot

18 matches found

CVE, added 2023/05/26 12:00 a.m., 293 views

CVE-2023-20883

CVE-2023-20883: DoS potential in Spring Boot / Spring MVC when used with a reverse proxy cache. Affects Spring Boot versions 3.0.0–3.0.6; 2.7.0–2.7.11; 2.6.0–2.6.14; 2.5.0–2.5.14 and older unsupported releases. IBM security bulletin corroborates this and lists a remediation: upgrade IBM Library ...

CVSS 7.5, AI score 7.4, EPSS 0.00904
CVE, added 2022/03/30 5:45 p.m., 260 views

CVE-2022-27772

CVE-2022-27772 : Spring Boot before v2.2.11.RELEASE is vulnerable to temporary directory hijacking via the method org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir. A local attacker could leverage this to escalate privileges or take over the application, as de...

CVSS 7.8, AI score 7.5, EPSS 0.00583
CVE, added 2018/01/04 6:00 a.m., 242 views

CVE-2017-8046

CVE-2017-8046 is a remote code execution vulnerability affecting Spring Data REST before versions 2.6.9 (Ingalls SR9) and 3.0.1 (Kay SR1), and Spring Boot before 1.5.9 or 2.0 M6. When processing specially crafted JSON in PATCH requests, an attacker could execute arbitrary Java code on affected se...

CVSS 9.8, AI score 9.2, EPSS 0.72782
Tags: In wild, Web
CVE, added 2023/04/20 12:00 a.m., 240 views

CVE-2023-20873

CVE-2023-20873 affects VMware Tanzu Spring Boot deployed in Cloud Foundry, enabling a security bypass due to a wildcard pattern matching flaw in Spring Boot’s access controls. Public references in the CVE describe impact on VMware Tanzu Spring Boot and related IBM deployments, with remediation th...

CVSS 9.8, AI score 9.2, EPSS 0.01122
CVE, added 2023/01/14 9:33 a.m., 197 views

CVE-2023-22602

The CVE-2023-22602 issue affects Apache Shiro before 1.11.0 when used with Spring Boot 2.6+ and can allow an authentication bypass via a specially crafted HTTP request. The bypass arises because Shiro and Spring Boot may use different Ant-style pattern matching, causing access controls to be impr...

CVSS 7.5, AI score 7.7, EPSS 0.01553
CVE, added 2023/11/28 8:27 a.m., 159 views

CVE-2023-34055

CVE-2023-34055 concerns denial-of-service in Spring Boot when using Spring MVC/WebFlux and the actuator JAR on the classpath. Affected are Spring Boot versions 2.7.0–2.7.17, 3.0.0–3.0.12, and 3.1.0–3.1.5. The DoS condition arises from specially crafted HTTP requests; exploitation requires the aff...

CVSS 6.5, AI score 6.2, EPSS 0.01219
CVE, added 2026/04/27 11:34 p.m., 156 views

CVE-2026-40976

CVE-2026-40976 affects Spring Boot 4.0.0–4.0.5. In vulnerable configurations, a servlet-based web application that relies on Spring Boot’s default web security (no custom Spring Security config), depends on spring-boot-actuator-autoconfigure, and does not rely on spring-boot-health can experience...

CVSS 9.1, AI score 5.3, EPSS 0.00413
CVE, added 2026/04/27 11:29 p.m., 104 views

CVE-2026-40973

The CVE-2026-40973 issue affects Spring Boot versions 4.x (4.0.0–4.0.5 with fix in 4.0.6), 3.5.x (3.5.0–3.5.13 with fix 3.5.14), 3.4.x (3.4.0–3.4.15 with fix 3.4.16), 3.3.x (3.3.0–3.3.18 with fix 3.3.19), and 2.7.x (2.7.0–2.7.32 with fix 2.7.33). The vulnerability stems from the ApplicationTemp m...

CVSS 7.0, AI score 5.5, EPSS 0.00126
CVE, added 2018/03/19 6:00 p.m., 90 views

CVE-2018-1196

The CVE-2018-1196 issue affects Spring Boot when using the embedded launch script to run as a systemd/init.d service. The root cause is a symlink attack on the run_user, enabling overwriting/taking ownership of files on the same system if the app is installed as a service and the run_user has she...

CVSS 5.9, AI score 5.6, EPSS 0.01235
CVE, added 2021/03/15 9:28 p.m., 76 views

CVE-2021-26987

CVE-2021-26987 affects Element Plug-in for vCenter Server, involving SpringBoot Framework. The vulnerability arises in SpringBoot versions prior to 1.3.2, with all Element Plug-in for vCenter Server versions and related Management Services (prior to 2.17.56) and Management Node versions through 1...

CVSS 9.8, AI score 9.5, EPSS 0.0244
CVE, added 2026/03/19 11:29 p.m., 56 views

CVE-2026-22733

Summary of CVE-2026-22733: Affected are Spring Boot applications using Actuator with a misconfigured endpoint under the CloudFoundry Actuator path. The issue is described as an Authentication Bypass in several Spring Security versions (2.7.0–2.7.31, 3.3.0–3.3.17, 3.4.0–3.4.14, 3.5.0–3.5.11, 4.0....

CVSS 8.2, AI score 5.8, EPSS 0.00353
CVE, added 2026/03/19 10:36 p.m., 52 views

CVE-2026-22731

CVE-2026-22731 affects Spring Boot applications with Actuator. An endpoint that requires authentication, when declared under a specific path already configured for a Health Group additional path, can allow an authentication bypass. Affected versions include Spring Boot 4.0 before 4.0.3, 3.5 befor...

CVSS 8.2, AI score 5.8, EPSS 0.00334
CVE, added 2026/04/27 10:45 p.m., 44 views

CVE-2026-40971

Spring Boot RabbitMQ auto-configuration fails to verify hostnames when SSL bundles are enabled. Affected: Spring Boot 4.0.0–4.0.5 and 3.5.0–3.5.13. Root cause: hostname verification is not performed during broker connection, enabling potential interception or tampering on networks. Mitigation: pa...

CVSS 9.1, AI score 5.2, EPSS 0.00157
CVE, added 2026/04/27 11:15 p.m., 29 views

CVE-2026-40972

CVE-2026-40972 involves a timing attack on the DevTools remote secret comparison in Spring Boot. An attacker on the same network can measure timing differences when the remote secret is compared, enabling character-by-character deduction of the secret. In extreme cases this could allow upload...

CVSS 7.5, AI score 6.3, EPSS 0.00281
CVE, added 2026/04/27 11:36 p.m., 22 views

CVE-2026-40977

The CVE affects Spring Boot’s ApplicationPidFileWriter PID-file handling. A local attacker with write access to the PID-file location can clobber a host file on each startup. Affected versions include Spring Boot 4.0.0–4.0.5 (fixed in 4.0.6), 3.5.0–3.5.13 (fixed in 3.5.14), 3.4.0–3.4.15 (fixed in...

CVSS 6.7, AI score 5.3, EPSS 0.00112
CVE, added 2026/04/27 11:32 p.m., 21 views

CVE-2026-40975

CVE-2026-40975 describes use of a cryptographically weak PRNG for Spring Boot’s random value property source (e.g., ${random.value}, ${random.int}, ${random.long}) used for secrets. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (...

CVSS 7.5, AI score 5.2, EPSS 0.00211
CVE, added 2026/04/27 11:31 p.m., 18 views

CVE-2026-40974

CVE-2026-40974 affects Spring Boot’s Cassandra SSL auto-configuration: hostname verification is not performed when establishing SSL to Cassandra. Affected ranges include Spring Boot 4.0.0–4.0.5 (fix in 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), and 2....

CVSS 9.8, AI score 5.2, EPSS 0.00182
CVE, added 2026/04/27 7:09 p.m., 14 views

CVE-2026-40970

CVE-2026-40970: When Spring Boot is configured to use an SSL bundle, its Elasticsearch auto-configuration does not perform hostname verification during TLS connections to the Elasticsearch server. Affected: Spring Boot 4.0.0–4.0.5. Impact: potential MitM if an attacker presents a valid CA-signed...

CVSS 6.8, AI score 5.2, EPSS 0.00136