Spring Framework
cpe:2.3:a:springsource:spring_framework:*:*:*:*:*:*:*
- >= 7.0.0, <= 7.0.7
- >= 6.2.0, <= 6.2.18
- >= 6.1.0, <= 6.1.27
- >= 5.3.0, <= 5.3.48
A path traversal vulnerability has been identified in Spring Framework versions 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, and 5.3.0 through 5.3.48. This vulnerability affects applications using Spring MVC or Spring WebFlux that serve static resources from the file system and have versioned resource support enabled. Under these conditions, an attacker could send malicious requests to access files outside the designated resource directories.
Exploitation of this vulnerability could lead to unauthorized access to files outside the application's configured static resource locations, potentially exposing sensitive information or application data.
Users should upgrade to Spring Framework versions 7.0.8, 6.2.19, 6.1.28, or 5.3.49, depending on their current version. Instructions for upgrading to these versions are available on the Spring Enterprise website.
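To help recognise an affected deployment during an audit, the following is an added illustration (not code from this advisory or the Spring project) of a Spring MVC configuration that satisfies both conditions named above: static resources served from a file-system location, with versioned resource support enabled through the resource chain. The handler pattern and directory path are hypothetical.

```java
// Added illustration, not code from the advisory: a WebMvcConfigurer that meets
// both conditions the advisory names. Pattern and path are hypothetical.
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.resource.VersionResourceResolver;

@Configuration
public class StaticResourceConfig implements WebMvcConfigurer {

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/static/**")
                // Condition 1: resources are served from the file system
                // (a "file:" location) rather than from the classpath or a jar.
                .addResourceLocations("file:/srv/app/static/")
                // Condition 2: versioned resource support is enabled by adding a
                // VersionResourceResolver to the resource chain.
                .resourceChain(true)
                .addResolver(new VersionResourceResolver()
                        .addContentVersionStrategy("/**"));
    }
}
```

A configuration like this is legitimate on its own; the remedy the advisory gives is the upgrade to 7.0.8, 6.2.19, 6.1.28 or 5.3.49 rather than a configuration change. In Spring Boot the same two conditions are typically expressed with the properties `spring.web.resources.static-locations=file:...` and `spring.web.resources.chain.strategy.content.enabled=true`, so those are worth checking alongside Java configuration when inventorying affected applications.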