PT-2026-26455 · VMware · Spring Framework
G2H
+1
Published: 2026-03-19 · Updated: 2026-05-15
CVE-2026-22737
CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Spring Framework versions 7.0.0 through 7.0.5
Spring Framework versions 6.2.0 through 6.2.16
Spring Framework versions 6.1.0 through 6.1.25
Spring Framework versions 5.3.0 through 5.3.46
Description
The use of Java scripting engine enabled template views, such as JRuby or Jython, in Spring MVC and Spring WebFlux applications can lead to the disclosure of content from files located outside of the intended, configured directories for script template views.
Recommendations
Update Spring Framework to a version later than 7.0.5.
Update Spring Framework to a version later than 6.2.16.
Update Spring Framework to a version later than 6.1.25.
Update Spring Framework to a version later than 5.3.46.
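To triage a deployment against the affected ranges listed above, the following added example (not part of the advisory or of Spring Framework) scans jar file names for the Spring MVC and WebFlux modules and classifies each version. The jar naming pattern, the sample paths and the class-name heuristic for spotting script template views are assumptions.

```python
import re

# Last affected patch release per release line, as listed in the advisory.
LAST_AFFECTED_PATCH = {(7, 0): 5, (6, 2): 16, (6, 1): 25, (5, 3): 46}

# Assumption: the web modules are deployed as spring-webmvc-X.Y.Z[-qualifier].jar
# or spring-webflux-X.Y.Z[-qualifier].jar.
JAR_RE = re.compile(r"(spring-web(?:mvc|flux))-(\d+)\.(\d+)\.(\d+)(?:[.-][\w.-]+)?\.jar$")

# Heuristic (assumption): these Spring class names appear in code or config
# when script template views are set up.
SCRIPT_VIEW_MARKERS = ("ScriptTemplateConfigurer", "ScriptTemplateViewResolver")


def classify(major, minor, patch):
    """Return 'affected', 'later-than-affected' or 'unlisted' for a version."""
    last = LAST_AFFECTED_PATCH.get((major, minor))
    if last is None:
        return "unlisted"  # release line not named in the advisory: check manually
    return "affected" if patch <= last else "later-than-affected"


def scan_jars(paths):
    """Classify every spring-webmvc / spring-webflux jar found in paths."""
    findings = []
    for path in paths:
        match = JAR_RE.search(path)
        if match is None:
            continue  # not one of the two web modules
        major, minor, patch = (int(match.group(i)) for i in (2, 3, 4))
        # Any qualifier (e.g. -SNAPSHOT) is ignored for the comparison.
        findings.append((match.group(1), f"{major}.{minor}.{patch}",
                         classify(major, minor, patch)))
    return findings


def uses_script_views(text):
    """True if the text mentions a script template view class."""
    return any(marker in text for marker in SCRIPT_VIEW_MARKERS)


# Constructed sample inventory, not taken from a real system.
SAMPLE_PATHS = [
    "app/WEB-INF/lib/spring-webmvc-6.2.16.jar",
    "app/WEB-INF/lib/spring-webflux-6.2.17.jar",
    "legacy/lib/spring-webmvc-6.0.23.jar",
    "legacy/lib/commons-lang3-3.14.0.jar",
    "old/lib/spring-webmvc-5.3.46.jar",
]

if __name__ == "__main__":
    for module, version, status in scan_jars(SAMPLE_PATHS):
        print(f"{module} {version}: {status}")
```

A jar reported as "unlisted" belongs to a release line the advisory does not name, so its status has to be confirmed with the vendor rather than assumed safe.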
Fix
Path traversal
Affected Products
Spring Framework