Thymeleaf Expression Execution Security Bypass Vulnerability Allowing Server-Side Template Injection

Vulnerability

A security bypass vulnerability has been identified in the Thymeleaf Java template engine, affecting versions through 3.1.3.RELEASE. This vulnerability arises from improper restrictions in the expression execution mechanisms, allowing potentially sensitive objects to be accessed from within templates. If unvalidated user input is passed directly to the template engine, an unauthenticated remote attacker can exploit this flaw to achieve Server-Side Template Injection (SSTI).

Impact

Exploitation of this vulnerability allows for Server-Side Template Injection (SSTI), where an attacker can inject and execute arbitrary code on the server via the template engine.

Remediation

Users are advised to upgrade to Thymeleaf version 3.1.4.RELEASE, which addresses this vulnerability. For applications using Thymeleaf with Spring, the same version should be applied.
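Upgrading removes the engine-side bypass, but the advisory's precondition ("unvalidated user input is passed directly to the template engine") is an application-side defect that the upgrade does not fix. The following Spring MVC controller is an added illustration, not code from the advisory or from the Thymeleaf project, of the risky pattern next to its safer form. It assumes a TemplateEngine bean is injected, that a StringTemplateResolver is configured for the unsafe handler, and that a fixed template named greeting exists under the application's template directory; those names are assumptions for the example.

```java
// Added example (not from the advisory or the Thymeleaf project): the pattern
// the advisory warns about, beside the form that keeps user input as data.
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.thymeleaf.TemplateEngine;
import org.thymeleaf.context.Context;

@Controller
public class GreetingController {

    private final TemplateEngine templateEngine; // assumed to be injected by Spring

    public GreetingController(TemplateEngine templateEngine) {
        this.templateEngine = templateEngine;
    }

    // Risky pattern: the request parameter is concatenated into the template
    // text itself, so any expression syntax in the input is evaluated by the
    // engine rather than rendered. This is the SSTI precondition the advisory
    // describes, independent of the Thymeleaf version in use.
    @GetMapping("/greet-unsafe")
    @ResponseBody
    public String greetUnsafe(@RequestParam String name) {
        String template = "<p>Hello, " + name + "</p>"; // user input becomes template source
        return templateEngine.process(template, new Context()); // assumes a StringTemplateResolver
    }

    // Safer pattern: the template is a fixed resource under the application's
    // control (constant view name, never derived from the request), and user
    // input only ever enters as a model attribute. Rendered with th:text in the
    // template, it is HTML-escaped as data and never parsed as an expression.
    @GetMapping("/greet")
    public String greet(@RequestParam String name, Model model) {
        model.addAttribute("name", name);
        return "greeting"; // fixed view name -> templates/greeting.html (assumed)
    }
}
```

The assumed greeting template would render the value with a markup attribute such as th:text="'Hello, ' + ${name}", so the input is treated as a string value of the expression, not as expression source. When reviewing code for this advisory, the two things to look for are string-built or inline templates fed to TemplateEngine.process and handler methods that return a request-derived value as the view name; both place user input in the position the engine evaluates, and fixing them is the complement to the version upgrade.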

Added: Apr 17, 2026, 10:21 PM
Updated: Apr 17, 2026, 10:21 PM

Vulnerability Rating

Custom Algorithm

  spread          5.4
  impact          3.1
  exploitability  4.7
  remediation     7.9
  relevance       6.1
  threat          0.0
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.