Primary

Context

Spring Framework Information Disclosure Vulnerability in MVC and WebFlux Applications

Vulnerability

Patched

A vulnerability allowing information disclosure has been identified in Spring Framework's MVC and WebFlux applications. This issue arises when static resources are resolved, potentially exposing protected resources. The vulnerability affects Spring Framework versions 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, and 5.3.0 through 5.3.48.

Impact

Exploitation of this vulnerability could lead to unauthorized access to protected resources, allowing an attacker to retrieve sensitive information that should be restricted.

Remediation

Users should upgrade to Spring Framework versions 7.0.8, 6.2.19, 6.1.28, or 5.3.49, depending on their current version. Instructions for accessing these versions are available on the Spring Enterprise website.

Added: Jun 9, 2026, 6:29 AM

Updated: Jun 9, 2026, 6:29 AM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

4.7

remediation

7.7

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

0.6

exploitability

4.7

remediation

7.7

relevance

9.4

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Spring Framework Information Disclosure Vulnerability in MVC and WebFlux Applications

Vulnerability

Impact

Remediation

Affected Products

Spring Framework

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating