CVE-2026-40973

Name of the Vulnerable Software and Affected Versions Spring Boot versions 4.0.0 through 4.0.5 Spring Boot versions 3.5.0 through 3.5.13 Spring Boot versions 3.4.0 through 3.4.15 Spring Boot versions 3.3.0 through 3.3.18 Spring Boot versions 2.7.0 through 2.7.32 Spring Boot versions prior to 2.7.0

Description A local attacker on the same host as the application can take control of the directory used by ApplicationTemp due to predictable temporary directory paths and lack of ownership verification. If the variable server.servlet.session.persistent is set to true and the attack persists across application restarts, the attacker may read session information to hijack authenticated users or deploy a gadget chain to execute code as the application user.

Recommendations Update to version 4.0.6 Update to version 3.5.14 Update to version 3.4.16 Update to version 3.3.19 Update to version 2.7.33