PatchSiren cyber security CVE debrief
CVE-2026-41853 Spring CVE debrief
CVE-2026-41853 is a vulnerability in Spring MVC and WebFlux applications that allows for Multipart request smuggling attacks. The affected versions are Spring Framework 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, and 5.3.0 through 5.3.48. The CVSS score for this vulnerability is 5.3, with a severity rating of MEDIUM.
- Vendor
- Spring
- Product
- Spring Framework
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-15
Who should care
Developers and administrators of Spring MVC and WebFlux applications should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability is caused by improper handling of multipart requests in Spring MVC and WebFlux applications. This allows an attacker to smuggle requests, potentially leading to security issues.
Defensive priority
MEDIUM
Recommended defensive actions
- Upgrade to a non-vulnerable version of Spring Framework.
- Apply patches or updates provided by the vendor.
- Review and update application configurations to prevent exploitation.
Evidence notes
The CVE record and NVD detail pages provide additional information on this vulnerability.
Official resources
-
CVE-2026-41853 CVE record
CVE.org
-
CVE-2026-41853 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
CVE-2026-41853 was published on [2026-06-09T05:16:37.523Z](https://www.cve.org/CVERecord?id=CVE-2026-41853) and last modified on [2026-06-15T19:50:56.560Z](https://nvd.nist.gov/vuln/detail/CVE-2026-41853).