PT-2026-48615 · Spring · Spring Integration
Published
2026-06-11
·
Updated
2026-06-11
·
CVE-2026-40987
CVSS v3.1
7.1
High
| Vector | AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L |
A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory) with attacker-controlled content.
Affected versions:
Spring Integration 7.0.0 through 7.0.4; 6.5.0 through 6.5.8; 6.4.0 through 6.4.11; 6.3.0 through 6.3.14; 5.5.0 through 5.5.20.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Spring Integration