PT-2026-26455 · VMware · Spring Framework

G2H

Published: 2026-03-19 · Updated: 2026-05-15 · CVE-2026-22737

CVSS v3.1: 5.9 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Spring Framework versions 7.0.0 through 7.0.5
Spring Framework versions 6.2.0 through 6.2.16
Spring Framework versions 6.1.0 through 6.1.25
Spring Framework versions 5.3.0 through 5.3.46

Description

The use of Java scripting engine enabled template views, such as JRuby or Jython, in Spring MVC and Spring WebFlux applications can lead to the disclosure of content from files located outside of the intended, configured directories for script template views.

Recommendations

Update Spring Framework to a version later than 7.0.5.
Update Spring Framework to a version later than 6.2.16.
Update Spring Framework to a version later than 6.1.25.
Update Spring Framework to a version later than 5.3.46.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CLEANSTART-2026-IS05941
CLEANSTART-2026-KT07616
CLEANSTART-2026-MQ18886
CVE-2026-22737
GHSA-4773-3JFM-QMX3

Affected Products

Spring Framework