PatchSiren cyber security CVE debrief
CVE-2026-41842 Spring CVE debrief
CVE-2026-41842 is a HIGH severity vulnerability in Spring MVC and WebFlux applications, allowing for Denial of Service (DoS) attacks when resolving static resources. The vulnerability affects Spring Framework versions 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, and 5.3.0 through 5.3.48.
- Vendor: Spring
- Product: Spring Framework
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-09
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-09
Who should care
Users of affected Spring Framework versions should update to patched versions to prevent potential DoS attacks.
Technical summary
The vulnerability is caused by improper handling of static resources in Spring MVC and WebFlux applications, leading to a Denial of Service (DoS) condition. The CVSS score for this vulnerability is 7.5, indicating a HIGH severity level.
Defensive priority
HIGH
Recommended defensive actions
- On the 7.0.x line: update to Spring Framework version 7.0.8 or later
- On the 6.2.x line: update to Spring Framework version 6.2.19 or later
- On the 6.1.x line: update to Spring Framework version 6.1.28 or later
- On the 5.3.x line: update to Spring Framework version 5.3.49 or later
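To find which builds need these updates, the following added example (not part of the original debrief or of Spring's advisory) scans `mvn dependency:list` style output for versions inside the affected ranges listed above. Flagging only the `spring-webmvc` and `spring-webflux` artifacts is an assumption, and the sample listing is constructed.

```python
import re

# Affected ranges and first fixed versions, as stated in this debrief.
AFFECTED = [
    ((7, 0, 0), (7, 0, 7), "7.0.8"),
    ((6, 2, 0), (6, 2, 18), "6.2.19"),
    ((6, 1, 0), (6, 1, 27), "6.1.28"),
    ((5, 3, 0), (5, 3, 48), "5.3.49"),
]
# Assumption: the Spring MVC / WebFlux modules are the artifacts worth flagging.
MODULES = {"spring-webmvc", "spring-webflux"}
# group:artifact:type:version[:scope] coordinates as printed by `mvn dependency:list`.
COORD = re.compile(
    r"(org\.springframework):([\w.-]+):[\w-]+:(\d+)\.(\d+)\.(\d+)([\w.-]*)"
)

# Constructed sample input, not taken from a real build.
SAMPLE = """\
[INFO]    org.springframework:spring-webmvc:jar:6.2.17:compile
[INFO]    org.springframework:spring-webflux:jar:6.2.19:compile
[INFO]    org.springframework:spring-core:jar:6.2.17:compile
[INFO]    org.springframework:spring-webmvc:jar:5.3.48:runtime
[INFO]    org.springframework.boot:spring-boot:jar:3.5.0:compile
"""

def fixed_version_for(version):
    """Return the first fixed version if the (major, minor, patch) tuple is affected."""
    for low, high, fix in AFFECTED:
        if low <= version <= high:
            return fix
    return None

def scan(listing):
    """Return [(artifact, found_version, upgrade_to)] for affected modules."""
    findings = []
    for line in listing.splitlines():
        m = COORD.search(line)
        if not m or m.group(2) not in MODULES:
            continue
        version = tuple(int(m.group(i)) for i in (3, 4, 5))
        fix = fixed_version_for(version)
        if fix:
            findings.append((m.group(2), ".".join(map(str, version)) + m.group(6), fix))
    return findings

if __name__ == "__main__":
    for artifact, found, fix in scan(SAMPLE):
        print(f"{artifact} {found} is affected; upgrade to {fix} or later")
```

Versions outside the four listed ranges, such as 6.0.x, are reported as unaffected because the debrief does not mention them.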
Evidence notes
The CVE-2026-41842 vulnerability was published on June 9, 2026, and modified on June 9, 2026. The vulnerability is tracked by CVE.org and detailed in the NVD.
Official resources
- CVE-2026-41842 CVE record (CVE.org)
- CVE-2026-41842 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Vendor Advisory
CVE-2026-41842 was published on 2026-06-09T05:16:36.203Z and modified on 2026-06-09T20:37:36.143Z.