PT-2026-35909 · Vmware · Spring Mvc+1

Bocheng Xiang

Published

2026-04-29

Updated

2026-05-15

CVE-2026-22745

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Spring MVC (affected versions not specified) Spring WebFlux (affected versions not specified)

Description Applications using Spring MVC or Spring WebFlux are susceptible to Denial of Service attacks when serving static resources from the file system on Windows platforms. An attacker can send malicious requests that are slow to resolve, causing HTTP connections to remain occupied and leading to a service outage.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2026-22745

GHSA-6P4F-WCWH-5VVM

Affected Products

Spring Mvc

Spring Webflux

PT-2026-35909 · Vmware · Spring Mvc+1

CVE-2026-22745

Weakness Enumeration

Related Identifiers

Affected Products

References · 7