PT-2026-26454 · Spring · Spring Foundation
Published
2026-03-19
·
Updated
2026-03-20
·
CVE-2026-22735
CVSS v3.1
2.6
Low
| AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N |
Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Spring Foundation