PT-2026-26454 · Vmware · Spring+3
G2H
+1
·
Published
2026-03-19
·
Updated
2026-05-15
·
CVE-2026-22735
CVSS v3.1
2.6
Low
| Vector | AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Spring Foundation versions 5.3.0 through 5.3.46
Spring Foundation versions 6.1.0 through 6.1.25
Spring Foundation versions 6.2.0 through 6.2.16
Spring Foundation versions 7.0.0 through 7.0.5
Description
Spring MVC and WebFlux applications are susceptible to stream corruption when utilizing Server-Sent Events (SSE). This issue impacts applications using Spring Foundation.
Recommendations
Update to a version beyond 5.3.46
Update to a version beyond 6.1.25
Update to a version beyond 6.2.16
Update to a version beyond 7.0.5
Fix
Improper Locking
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Spring
Spring Foundation
Spring Mvc
Spring Webflux