PatchSiren cyber security CVE debrief
CVE-2026-41840 Spring CVE debrief
A Denial of Service (DoS) vulnerability was discovered in Spring WebFlux applications when processing multipart requests. This vulnerability affects Spring Framework versions 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, and 5.3.0 through 5.3.48.
- Vendor
- Spring
- Product
- Spring Framework
- CVSS
- MEDIUM 5.9
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-09
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-09
Who should care
Developers and administrators using Spring Framework versions 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, and 5.3.0 through 5.3.48 should be aware of this vulnerability and take necessary actions to protect their systems.
Technical summary
The vulnerability has a CVSS score of 5.9 and a severity of MEDIUM. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. The weakness is classified as CWE-400.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to a non-vulnerable version of Spring Framework.
- Apply patches or updates provided by the vendor.
- Implement additional security measures to prevent DoS attacks.
Evidence notes
The vulnerability was published on 2026-06-09T05:16:35.967Z and modified on 2026-06-09T20:38:34.420Z. The CVE record can be found at [cve-org]. The NVD detail can be found at [nvd]. The vendor advisory can be found at [ref-4].
Official resources
-
CVE-2026-41840 CVE record
CVE.org
-
CVE-2026-41840 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-41840 was published on 2026-06-09T05:16:35.967Z and modified on 2026-06-09T20:38:34.420Z.