Spring Framework Session Fixation Vulnerability in WebFlux Applications

Vulnerability

A session fixation vulnerability has been identified in Spring Framework's WebFlux applications. This issue arises when a subdomain is compromised, potentially through cross-site scripting (XSS). The vulnerability allows an attacker to exchange a known session ID for that of an authenticated user, leading to unauthorized access. Affected versions include Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, and 5.3.0 through 5.3.48.

Impact

Exploitation of this vulnerability allows for session fixation attacks, where an attacker can hijack an authenticated user's session by exchanging session IDs.

Remediation

Users should upgrade to Spring Framework 7.0.8, 6.2.19, 6.1.28, or 5.3.49. Instructions for upgrading to the commercial versions are available on the Spring Enterprise website.
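Two standard session-fixation defences that a WebFlux deployment can apply on top of the upgrade, as an added example (not code from the Spring project or from the upstream fix): issue the session cookie under the `__Host-` prefix so a cookie planted from another subdomain stays host-only there and never reaches the application host, and rotate the session ID at the moment a user authenticates. `SessionHardeningConfig`, `LoginSessionHelper` and the `"user"` attribute are assumed names; the Spring APIs used (`CookieWebSessionIdResolver`, `DefaultWebSessionManager`, `WebSession.changeSessionId()`) are the framework's own.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.session.CookieWebSessionIdResolver;
import org.springframework.web.server.session.DefaultWebSessionManager;
import org.springframework.web.server.session.WebSessionManager;
import reactor.core.publisher.Mono;

// Assumed class name; registers the session manager that WebFlux resolves by bean name.
@Configuration
public class SessionHardeningConfig {

    // The bean must be named "webSessionManager": that is the name WebHttpHandlerBuilder
    // looks up (and the name Spring Boot's autoconfiguration yields to when present).
    @Bean
    public WebSessionManager webSessionManager() {
        CookieWebSessionIdResolver resolver = new CookieWebSessionIdResolver();
        // "__Host-" prefix: browsers accept the cookie only over HTTPS, with Path=/ and
        // no Domain attribute. A same-named cookie set from a compromised subdomain is
        // therefore host-only on that subdomain and is never sent to this host.
        resolver.setCookieName("__Host-SESSION");
        resolver.addCookieInitializer(cookie -> cookie
                .secure(true)
                .httpOnly(true)
                .path("/")           // overrides the context-path default; required by the prefix
                .sameSite("Lax"));
        DefaultWebSessionManager manager = new DefaultWebSessionManager();
        manager.setSessionIdResolver(resolver);
        return manager;
    }
}

// Assumed helper, to be called by a login endpoint after credentials have been verified.
class LoginSessionHelper {

    // Rotate the session ID at the privilege boundary: whatever ID the browser carried
    // before authentication (including one an attacker knows) is dropped from the store,
    // the session's attributes are kept, and the authenticated principal is recorded.
    static Mono<Void> rotateSessionOnLogin(ServerWebExchange exchange, String userId) {
        return exchange.getSession()
                .flatMap(session -> session.changeSessionId()
                        .then(Mono.<Void>fromRunnable(
                                () -> session.getAttributes().put("user", userId))));
    }
}
```

Cookie-prefix enforcement is done by the browser, so the `__Host-` rule only protects clients that implement it; the ID rotation does not depend on the client.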

Added: Jun 9, 2026, 6:32 AM
Updated: Jun 9, 2026, 6:32 AM

Vulnerability Rating (Custom Algorithm)

  spread          7.8
  impact          1.3
  exploitability  3.8
  remediation     7.7
  relevance       9.3
  threat          0.0
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.