5.3
CVE-2026-41853
- EPSS 0.19%
- Veröffentlicht 09.06.2026 03:51:44
- Zuletzt bearbeitet 27.06.2026 21:16:30
- Quelle security@vmware.com
- CVE-Watchlists
- Unerledigt
Spring Framework Multipart Request Smuggling in Spring MVC and WebFlux
Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Spring Framework Version >= 5.3.0 < 5.3.49
VMware ≫ Spring Framework Version >= 6.1.0 < 6.1.28
VMware ≫ Spring Framework Version >= 6.2.0 < 6.2.19
VMware ≫ Spring Framework Version >= 7.0.0 < 7.0.8
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.19% | 0.082 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@vmware.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
https://spring.io/security/cve-2026-41853