CVE-2026-40999: Spring WS SSRF via unvalidated WS-Addressing reply destinations - 惯性聚合

推荐订阅源

Proofpoint News Feed

Hacker News: Ask HN

Cybersecurity and Infrastructure Security Agency CISA

CXSECURITY Database RSS Feed - CXSecurity.com

Security @ Cisco Blogs

Threat Research - Cisco Blogs

Troy Hunt's Blog

www.infosecurity-magazine.com

cs.CL updates on arXiv.org

Cyber Security Advisories - MS-ISAC

freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More

News and Events Feed by Topic

Hacker News - Newest: "LLM"

WordPress大学

有赞技术团队

Comments on: Blog

博客园_首页

Last Week in AI

Google Developers Blog

cs.AI updates on arXiv.org

Help Net Security

Forbes - Security

Application and Cybersecurity Blog

DataBreaches.Net

Hugging Face - Blog

cs.CV updates on arXiv.org

Help Net Security

The Blog of Author Tim Ferriss

博客园 - 三生石上(FineUI控件)

LINUX DO - 最新话题

Lohrmann on Cybersecurity

Hackread – Cybersecurity News, Data Breaches, AI and More

SegmentFault 最新的问题

The Last Watchdog

酷壳 – CoolShell

Stack Overflow Blog

Cisco Talos Blog

The Exploit Database - CXSecurity.com

Visual Studio Blog

Spring Security Advisories

CVE-2026-47835: Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores CVE-2026-41862: Kryo deserialization of persisted context without class allowlist CVE-2026-41708: Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability CVE-2026-47825: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations CVE-2026-40985: Data Binding Vulnerability in Spring Web Flow with Unified EL Parser CVE-2026-40986: Spring Web Flow JS RemotingHandler renders non-HTML Response as HTML CVE-2026-40987: Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization CVE-2026-40994: Wss4jSecurityInterceptor disables WS-I BSP validation by default CVE-2026-40995: X.509 authentication bypasses Spring Security account checks CVE-2026-40997: SOAP security faults leak Spring Security account state CVE-2026-40998: Jaxp13 XPath XXE via StreamSource and SAXSource CVE-2026-41000: WSS4J validation does not use configured replay cache CVE-2026-40996: Inbound WS-Security allows RSA PKCS#1 v1.5 key transport by default CVE-2026-40992: Mail Auto-Configuration Does Not Enable SSL Hostname Verification CVE-2026-41001: Predictable Temp Directory in Artemis Auto-configuration CVE-2026-41699: Unsafe Deserialization in Spring GraphQL CVE-2026-41700: Cross-Site WebSocket Hijacking in Spring for GraphQL CVE-2026-41856: Spring GraphQL Annotation Detection Vulnerability CVE-2026-41695: Denial of Service in Spring Data Commons Property Path Resolution CVE-2026-41696: Spring Data MongoDB Bind Parameter Literal Quoting Breakout CVE-2026-41697: Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern CVE-2026-41711: Potential Denial of Service through crafted Sort Parameters CVE-2026-41716: Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names CVE-2026-41717: Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding CVE-2026-41719: Spring Data KeyValue - SpEL Injection vulnerability in SpelPropertyComparator CVE-2026-40991: XML External Entity (XXE) injection when documenting untrusted XML content CVE-2026-41721: Spring Data Commons Denial of Service via Data Binding CVE-2026-41728: Spring Data REST JSON Patch bypasses Jackson read-only property protection on nested objects and collections CVE-2026-40993: Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry CVE-2026-40988: Unbounded DEFLATE Inflation in SAML 2.0 Service Provider CVE-2026-41003: Unencoded HTML Outputs in Spring Security May Allow Cross-Site Scripting CVE-2026-41008: Spring Security Authorization Server Open Redirect via request_uri CVE-2026-41694: SAML Payloads Decrypted Without Valid Signature CVE-2026-41706: Open Redirect When Using CookieRequestCache CVE-2026-41714: In Spring AMQP the `RabbitConnectionFactoryBean.setUri("amqps://...")` bypasses secure SSL setup, uses `TrustEverythingTrustManager` CVE-2026-41701: In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues CVE-2026-41726: In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header CVE-2026-41729: Spring Data REST SpEL Injection via Map Key in JSON Patch CVE-2026-41730: Spring Data REST exposes persistence-layer internals in error responses CVE-2026-41727: In Spring for Apache Kafka, forged retry topic headers subvert retry routing and backoff behavior CVE-2026-41731: In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization CVE-2026-41732: In Spring for Apache Pulsar, overly broad trusted-package matching in header mapper exposes JDK classes to deserialization CVE-2026-41837: Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys CVE-2026-47838: Unauthorized User Impersonation when Using X.509 Client Certificates CVE-2026-40983: Micrometer gRPC server instrumentation DoS vulnerability CVE-2026-41715: Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect CVE-2026-40984: Micrometer HTTP server instrumentations DoS vulnerability CVE-2026-41007: Spring HATEOAS heap exhaustion through unbounded internal caching CVE-2026-41006: Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration CVE-2026-41720: Authentication Bypass with Empty Password in Spring LDAP CVE-2026-41838: Spring Framework Predictable Session ID in WebSocket Module CVE-2026-41839: Spring Framework Escalation via Session Fixation in WebFlux CVE-2026-41710: Cache Exhaustion in Stateful Retries leads to Denial of Service CVE-2026-41863: LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API CVE-2026-40989: Self Routing guard bypassed via function composition CVE-2026-40990: Unbounded cache for function definitions CVE-2026-41705: Expression injection in MilvusVectorStore doDelete allows data destruction CVE-2026-41712: ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage CVE-2026-41713: Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor CVE-2026-41002: Spring Cloud Config Server Susceptible To TOCTOU Attack CVE-2026-40982: Directory Traversal with spring-cloud-config-server CVE-2026-40981: Spring Cloud Config Clients Can Access Secrets From Any Project The Config Server Has Access To On Google Secrets Manager CVE-2026-41004: Spring Cloud Config Server Logged Sensitive Information CVE-2026-40968 - Medium - CVE-2026-40968: Spring gRPC SecurityContext leaks across requests on authorization failure CVE-2026-40969 - Low - CVE-2026-40969: Spring gRPC AuthenticationException message reflected to remote client CVE-2026-40966 - Moderate - CVE-2026-40966: VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration CVE-2026-40967 - High - CVE-2026-40967: VectorStore FilterExpression Converter injection CVE-2026-40978 - High - CVE-2026-40978: SQL Injection in CosmosDBVectorStore.doDelete() CVE-2026-40979 - Moderate - CVE-2026-40979: ONNX model cache defaults to world-writable predictable /tmp directory CVE-2026-40980 - Moderate - CVE-2026-40980: OOM by attacker-controlled PDF CVE-2026-40970 - Medium - CVE-2026-40970: Elasticsearch auto-configuration with an SSL bundle disables TLS hostname verification CVE-2026-40971 - Medium - CVE-2026-40971: RabbitMQ auto-configuration with an SSL bundle disables TLS hostname verification CVE-2026-40972 - High - CVE-2026-40972: DevTools remote secret comparison is vulnerable to timing attacks CVE-2026-40973 - High - CVE-2026-40973: Predictable temp directory accepted without ownership verification CVE-2026-40974 - Medium - CVE-2026-40974: Cassandra SSL auto-configuration disables TLS hostname verification CVE-2026-40975 - Medium - CVE-2026-40975: Random value property source uses a weak PRNG unsuitable for secrets CVE-2026-40977 - Medium - CVE-2026-40977: PID file write follows symlinks at predictable default path CVE-2026-40976 - Critical - CVE-2026-40976: Default security filter chain has no authorization rule with Actuator but without Health CVE-2026-22751: Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions CVE-2026-22752: Spring Security Authorization Server Dynamic Client Registration endpoints perform insufficient validation of client metadata CVE-2026-22746: User Attribute Enumeration when Using DaoAuthenticationProvider CVE-2026-22753: Servlet Path Not Correctly Included in Path Matching of HttpSecurity#securityMatchers CVE-2026-22754: Servlet Path Not Correctly Included in Path Matching of XML Authorization Rules CVE-2026-22747: Unauthorized User Impersonation when Using X.509 Client Certificates CVE-2026-22748: Potential Security Misconfiguration when Using withIssuerLocation CVE-2026-22740: Spring Framework DoS with Multipart Temp Files in WebFlux CVE-2026-22741: Static resource cache poisoning in Spring MVC and WebFlux CVE-2026-22745 : Denial of service in static resource handling on Windows platforms CVE-2026-22750: SSL bundle configuration silently bypassed in Spring Cloud Gateway CVE-2026-22738: SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution CVE-2026-22744: RediSearch Query via Unescaped TAG Filter Values in RedisVectorStore CVE-2026-22743: Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore CVE-2026-22742: Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching CVE-2026-22739: Spring Cloud Config Profile Substitution Can Allow Unintended Access To Files And Enable SSRF Attacks CVE-2026-22731: Authentication Bypass under Actuator Health groups paths cve-2026-22732: Under Some Conditions Spring Security HTTP Headers Are not Written CVE-2026-22737: Spring Framework Improper Path Limitation with Script View Templates CVE-2026-22733: Authentication Bypass under Actuator CloudFoundry endpoints CVE-2026-22735: Server Sent Event stream corruption

CVE-2026-40999: Spring WS SSRF via unvalidated WS-Addressing reply destinations

Spring · 2026-06-10 · via Spring Security Advisories

此内容由惯性聚合(RSS阅读器)自动聚合整理，仅供阅读参考。原文来自 — 版权归原作者所有。