PatchSiren cyber security CVE debrief
CVE-2026-41710 Spring CVE debrief
CVE-2026-41710 is a medium-severity vulnerability affecting Spring Retry versions 2.0.0 through 2.0.12 and 1.3.0 through 1.3.4. An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects any further updates, causing all later stateful retries and circuit breakers in the application to fail.
- Vendor: Spring
- Product: Spring Retry
- CVSS: MEDIUM 5.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-09
Who should care
Users of Spring Retry versions 2.0.0 through 2.0.12 and 1.3.0 through 1.3.4 should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 5.9 and is classified as MEDIUM severity. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H: reachable over the network with high attack complexity, requiring no privileges or user interaction, and affecting availability only (no confidentiality or integrity impact). The weakness is classified as CWE-770 (Allocation of Resources Without Limits or Throttling).
Defensive priority
High
Recommended defensive actions
- Upgrade to a version of Spring Retry that is not vulnerable (e.g., version 2.0.13 or later, or 1.3.5 or later).
- Implement rate limiting or other measures to prevent an attacker from crafting a large number of unique requests.
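The following is an added, simplified model written for this debrief; it is not Spring Retry's code and makes no claim about how the upstream fix is implemented. It reproduces the failure mode described above (a fixed-capacity stateful retry cache that refuses every new entry once full, so one burst of unique failing keys takes stateful retries and circuit breakers down for good) and contrasts it with a bounded cache that evicts the least recently used entry instead, so legitimate retries keep working while the eviction counter and utilization ratio give operators something to alert on. The class names, the `flood_with_unique_failures` workload and the `order-42` key are all constructed for illustration.

```python
"""Model of a stateful retry-context cache under a flood of unique failing keys.

Added illustration, not Spring Retry code: a capacity-limited cache that
rejects new keys once full versus one that evicts the least recently used
entry. The cache is keyed by request identity, and an entry is only removed
when its retry sequence completes, so keys that never complete stay resident.
"""
from collections import OrderedDict


class RetryCacheCapacityExceeded(Exception):
    """Raised when the rejecting cache is full and a new key arrives."""


class RejectingRetryCache:
    """Fixed-capacity cache that refuses new keys once the limit is reached."""

    def __init__(self, capacity):
        self.capacity = capacity
        self._store = {}
        self.rejections = 0

    def put(self, key, context):
        if key not in self._store and len(self._store) >= self.capacity:
            self.rejections += 1
            raise RetryCacheCapacityExceeded(f"capacity {self.capacity} reached")
        self._store[key] = context

    def remove(self, key):
        self._store.pop(key, None)

    def __len__(self):
        return len(self._store)


class EvictingRetryCache:
    """Bounded cache that drops the least recently used key instead of failing.

    An evicted key loses its retry history and starts over on its next attempt,
    which degrades gracefully compared with a permanent outage; the eviction
    counter is the signal worth alerting on.
    """

    def __init__(self, capacity):
        self.capacity = capacity
        self._store = OrderedDict()
        self.evictions = 0

    def put(self, key, context):
        if key in self._store:
            self._store.move_to_end(key)
        elif len(self._store) >= self.capacity:
            self._store.popitem(last=False)  # oldest (least recently used) goes first
            self.evictions += 1
        self._store[key] = context

    def remove(self, key):
        self._store.pop(key, None)

    def __len__(self):
        return len(self._store)


def flood_with_unique_failures(cache, n_unique):
    """Constructed workload: n_unique distinct keys each fail once and never
    return, so their retry contexts are never removed. Returns the number of
    puts the cache refused."""
    refused = 0
    for i in range(n_unique):
        try:
            cache.put(f"request-{i}", {"attempts": 1})
        except RetryCacheCapacityExceeded:
            refused += 1
    return refused


def legitimate_stateful_retry(cache, key="order-42"):
    """A normal caller: store retry state, retry, succeed, clean up.
    Returns True if the retry machinery worked, False if the cache refused it."""
    try:
        cache.put(key, {"attempts": 1})
    except RetryCacheCapacityExceeded:
        return False
    cache.put(key, {"attempts": 2})  # the retry attempt updates the same key
    cache.remove(key)                # success: the context is released
    return True


def cache_utilization(cache):
    """Monitoring hook: fraction of capacity in use (alert well before 1.0)."""
    return len(cache) / cache.capacity


if __name__ == "__main__":
    for cls in (RejectingRetryCache, EvictingRetryCache):
        cache = cls(capacity=4)
        refused = flood_with_unique_failures(cache, 10)
        ok = legitimate_stateful_retry(cache)
        print(f"{cls.__name__}: refused={refused} legit_retry_ok={ok} "
              f"utilization={cache_utilization(cache):.2f}")
```

With a capacity of 4 and a burst of 10 unique failing keys, the rejecting cache refuses 6 puts and then refuses the legitimate retry as well, staying at 100% utilization indefinitely; the evicting cache refuses nothing, records 6 evictions during the burst and one more for the legitimate caller, which completes normally. The same utilization and eviction metrics are what a rate limit in front of the application should be tuned against.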
Evidence notes
The CVE record and NVD detail can be found at [cve-org] and [nvd], respectively. Additional information can be found at [ref-4].
Official resources
- CVE-2026-41710 CVE record (CVE.org)
- CVE-2026-41710 NVD detail (NVD)
- Source item URL: nvd_modified
- Source reference: CVE-2026-41710 was published on 2026-06-09T05:16:35.147Z and modified on 2026-06-09T13:49:39.993Z.