CVE-2026-22741

Name of the Vulnerable Software and Affected Versions Spring MVC (affected versions not specified) Spring WebFlux (affected versions not specified)

Description Applications using Spring MVC or Spring WebFlux are susceptible to cache poisoning during the resolution of static resources. This occurs when resource chain support is configured with caching enabled and support for encoded resources resolution is added, provided the resource cache is empty. An attacker can send malicious requests to poison the resource cache with resources using incorrect encoding, potentially leading to a denial of service by breaking the front-end application for clients.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.