
Spring Security Advisories

CVE-2026-22741: Static resource cache poisoning in Spring MVC and WebFlux
Spring · 2026-04-17 · via Spring Security Advisories

Description

Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.

More precisely, an application can be vulnerable when all the following are true:

  • the application uses Spring MVC or Spring WebFlux
  • the application configures the resource chain support with caching enabled
  • the application adds support for encoded resource resolution
  • the resource cache is empty at the time the attacker gains access to the application

When all the conditions above are met, the attacker can send malicious requests and poison the resource cache with resources using the wrong encoding. This can cause a denial of service by breaking the front-end application for clients.
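As an added illustration that is not part of the advisory, the following Spring MVC configuration matches all of the advisory's application-side conditions (resource chain with caching enabled plus encoded-resource resolution), which is what to look for when checking whether an application on an affected version is exposed. The class name, handler path and resource location are assumptions.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.resource.EncodedResourceResolver;
import org.springframework.web.servlet.resource.PathResourceResolver;

// Illustrative configuration (an assumption, not code from the advisory) that
// satisfies the advisory's application-side conditions on an affected version:
//   - Spring MVC static resource handling
//   - resource chain with the cache enabled:  resourceChain(true)
//   - encoded resource resolution:            EncodedResourceResolver
// If a WebMvcConfigurer in the codebase looks like this, the remediation is the
// upgrade the advisory lists (7.0.7 / 6.2.18 / 6.1.27 / 5.3.48); no
// configuration change is required by the advisory.
@Configuration
public class StaticResourceConfig implements WebMvcConfigurer {

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/static/**")                 // assumed handler path
                .addResourceLocations("classpath:/static/")       // assumed location
                .resourceChain(true)                               // condition: cache enabled
                .addResolver(new EncodedResourceResolver())        // condition: encoded (.gz/.br) resources
                .addResolver(new PathResourceResolver());          // resolves the plain file
    }
}
```

In Spring Boot the same chain is enabled without Java config by `spring.web.resources.chain.cache=true` together with `spring.web.resources.chain.compressed=true`, so those properties are the equivalent thing to check.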

Affected Spring Products and Versions

Spring Framework:

  • 7.0.0 - 7.0.6
  • 6.2.0 - 6.2.17
  • 6.1.0 - 6.1.26
  • 5.3.0 - 5.3.47

Older, unsupported versions are also vulnerable.

Mitigation

Users of affected versions should upgrade to the corresponding fixed version.

| Affected version(s) | Fix version | Availability |
| --- | --- | --- |
| 7.0.x | 7.0.7 | OSS |
| 6.2.x | 6.2.18 | OSS |
| 6.1.x | 6.1.27 | Commercial |
| 5.3.x | 5.3.48 | Commercial |

No further mitigation steps are necessary.

Credit

This issue was responsibly reported by Yuki Matsuhashi.

References

History

  • 2026-04-17: Initial vulnerability report published.