CVE-2026-41841
MEDIUMDescription
Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
Is your site exposed to CVE-2026-41841?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| vmware | spring_framework |
| vmware | spring_framework |
| vmware | spring_framework |
| vmware | spring_framework |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2026-41841? +
How severe is CVE-2026-41841? +
What products are affected by CVE-2026-41841? +
How do I check if I'm vulnerable to CVE-2026-41841? +
Related Vulnerabilities
Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting …
An insufficient implementation of cache vulnerability in Palo Alto Networks Prisma® Access Browser enables users to bypass certain data control …
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to the management …
Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results …
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In …
Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie …