7.5
CVE-2026-41856
- EPSS 0.35%
- Veröffentlicht 11.06.2026 05:05:00
- Zuletzt bearbeitet 30.06.2026 22:16:56
- Quelle security@vmware.com
- CVE-Watchlists
- Unerledigt
Spring GraphQL Annotation Detection Vulnerability
The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all conditions are met, security annotations can be ignored at runtime. Affected versions: Spring for GraphQL 2.0.0 through 2.0.3; 1.4.0 through 1.4.5; 1.3.0 through 1.3.8; 1.0.0 through 1.0.6.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Spring For Graphql Version >= 1.0.0 < 1.0.7
VMware ≫ Spring For Graphql Version >= 1.3.0 < 1.3.9
VMware ≫ Spring For Graphql Version >= 1.4.0 < 1.4.6
VMware ≫ Spring For Graphql Version >= 2.0.0 < 2.0.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.269 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@vmware.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
https://spring.io/security/cve-2026-41856