Spring Framework Denial-of-Service Vulnerability in Static Resource Handling on Windows

Vulnerability

A denial-of-service vulnerability has been identified in Spring MVC and WebFlux applications that serve static resources from the file system on Windows platforms. Under these conditions, an attacker can send malicious requests that are slow to process, keeping HTTP connections occupied and potentially causing a denial-of-service condition against the application.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing the application to become unresponsive or slow down significantly.

Remediation

Users of affected versions should upgrade to the fixed version. For Spring Framework 7.0.x, upgrade to 7.0.7; for 6.2.x, upgrade to 6.2.18; for 6.1.x, upgrade to 6.1.27; and for 5.3.x, upgrade to 5.3.48.
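One way to turn the remediation table above into an automated check, as an added example that is not part of this advisory or of the Spring Framework project: the script below parses Spring Framework version strings, compares them against the fixed versions listed here (7.0.7, 6.2.18, 6.1.27, 5.3.48), and flags pre-release qualifiers of the fixed version (for example 6.2.18-SNAPSHOT) as still vulnerable. Release lines the advisory does not mention are reported as "unknown" rather than guessed. The dependency coordinate lines and the `groupId:artifactId:version` format it scans are constructed for the example; it checks versions only and does not determine whether a deployment actually serves file-system static resources on Windows.

```python
"""Version check for the Spring Framework static-resource DoS advisory.

Added example, not the advisory's or Spring's own tooling. Fixed versions
are taken from the advisory text; everything else is an assumption.
"""
import re

# Fixed versions from the advisory, keyed by (major, minor) release line.
FIXED_VERSIONS = {
    (7, 0): (7, 0, 7),
    (6, 2): (6, 2, 18),
    (6, 1): (6, 1, 27),
    (5, 3): (5, 3, 48),
}

# major.minor.patch with an optional qualifier such as -SNAPSHOT, -M1, -RC1
# or the older .RELEASE suffix (separator may be '-' or '.').
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]([A-Za-z0-9.-]+))?$")


def parse_version(text):
    """Return (major, minor, patch, qualifier); qualifier is None for a GA release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognized Spring Framework version: {text!r}")
    major, minor, patch = (int(x) for x in m.group(1, 2, 3))
    qualifier = m.group(4)
    # '.RELEASE' was the GA marker on older lines, so treat it as no qualifier.
    if qualifier and qualifier.upper() == "RELEASE":
        qualifier = None
    return major, minor, patch, qualifier


def assess(text):
    """Classify one version as 'vulnerable', 'fixed' or 'unknown'.

    'unknown' means the release line is not covered by the advisory;
    the assumption here is that such versions get manual review.
    """
    major, minor, patch, qualifier = parse_version(text)
    fixed = FIXED_VERSIONS.get((major, minor))
    if fixed is None:
        return "unknown"
    if (major, minor, patch) < fixed:
        return "vulnerable"
    # A pre-release build of the fixed version (e.g. 6.2.18-SNAPSHOT, 7.0.7-M1)
    # predates the GA release that carries the fix.
    if (major, minor, patch) == fixed and qualifier:
        return "vulnerable"
    return "fixed"


def scan_coordinates(lines):
    """Scan constructed 'groupId:artifactId:version' lines and return
    {coordinate: verdict} for org.springframework artifacts only."""
    findings = {}
    for line in lines:
        parts = line.strip().split(":")
        if len(parts) != 3 or parts[0] != "org.springframework":
            continue
        findings[line.strip()] = assess(parts[2])
    return findings


# Constructed sample inventory (not real output from any build tool).
SAMPLE_COORDINATES = [
    "org.springframework:spring-webmvc:6.2.17",
    "org.springframework:spring-webflux:6.2.18",
    "org.springframework:spring-web:7.0.7-SNAPSHOT",
    "org.springframework:spring-core:5.3.48",
    "org.springframework:spring-context:6.0.23",
    "org.springframework.boot:spring-boot:3.5.0",  # different groupId, ignored
]

if __name__ == "__main__":
    for coordinate, verdict in scan_coordinates(SAMPLE_COORDINATES).items():
        print(f"{verdict:10s} {coordinate}")
```

The comparison is tuple-based, so a patch release above the fixed one on the same line (say 6.1.30) is reported as fixed, while a version on a line the advisory does not cover (say 6.0.23) is deliberately not classified.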

Added: Apr 29, 2026, 12:31 PM
Updated: Apr 29, 2026, 12:31 PM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 4.3
remediation: 7.7
relevance: 7.0
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.