5.3

CVE-2026-40969

EPSS 0.07%
Veröffentlicht 28.04.2026 14:54:07
Zuletzt bearbeitet 30.04.2026 13:24:42
Quelle security@vmware.com
CVE-Watchlists
Login
Unerledigt
Login

Spring gRPC AuthenticationException message reflected to remote client

The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for further attacks.

Affected versions:
Spring gRPC: 1.0.0 - 1.0.2 (fixed in 1.0.3). Older, unsupported versions are also affected.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

VMware ≫ Spring Grpc Version < 1.0.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.2

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
security@vmware.com	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-209 Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

https://spring.io/security/cve-2026-40969

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-40969

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-40969

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-40969

EUVD