PT-2026-26454 · Vmware · Spring+3

G2H

Publicado

2026-03-19

Atualizado

2026-05-15

CVE-2026-22735

CVSS v3.1

2.6

Baixa

Vetor

AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Spring Foundation versions 5.3.0 through 5.3.46 Spring Foundation versions 6.1.0 through 6.1.25 Spring Foundation versions 6.2.0 through 6.2.16 Spring Foundation versions 7.0.0 through 7.0.5

Description Spring MVC and WebFlux applications are susceptible to stream corruption when utilizing Server-Sent Events (SSE). This issue impacts applications using Spring Foundation.

Recommendations Update to a version beyond 5.3.46 Update to a version beyond 6.1.25 Update to a version beyond 6.2.16 Update to a version beyond 7.0.5

Correção

Improper Locking

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-667

Identificadores relacionados

CLEANSTART-2026-IS05941

CLEANSTART-2026-KT07616

CLEANSTART-2026-MQ18886

CVE-2026-22735

GHSA-6HCQ-HMM3-JJ3C

Produtos afetados

Spring

Spring Foundation

Spring Mvc

Spring Webflux

PT-2026-26454 · Vmware · Spring+3

CVE-2026-22735

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 59