5.3
CVE-2026-41847
- EPSS 0.17%
- Veröffentlicht 09.06.2026 03:51:03
- Zuletzt bearbeitet 11.06.2026 16:08:39
- Quelle security@vmware.com
- CVE-Watchlists
- Unerledigt
Spring Framework Security Filter Bypass in WebFlux Kotlin Router DSL
Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Spring Framework Version >= 5.3.0 < 5.3.49
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.061 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| security@vmware.com | 4.8 | 2.2 | 2.5 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
https://spring.io/security/cve-2026-41847