PatchSiren cyber security CVE debrief
CVE-2026-41845 VMware CVE debrief
CVE-2026-41845 is a high-severity vulnerability in the Spring Framework, a popular Java framework for building enterprise-level applications. The vulnerability has a CVSS score of 7.1 and is classified as HIGH. It was published on 2026-06-09T05:16:36.557Z and modified on 2026-06-11T16:12:37.023Z.
- Vendor: VMware
- Product: Spring Framework
- CVSS: HIGH 7.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-09
- Original CVE updated: 2026-06-11
- Advisory published: 2026-06-09
- Advisory updated: 2026-06-11
Who should care
Developers and administrators using Spring Framework versions 7.0.0 through 7.0.7, 6.2.0 through 6.2.18, 6.1.0 through 6.1.27, and 5.3.0 through 5.3.48 should be aware of this vulnerability.
Technical summary
The vulnerability is caused by incorrect escaping in the JavaScriptUtils.javaScriptEscape() method, which could lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting (XSS) vulnerability.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to a non-vulnerable version of Spring Framework.
- Apply patches or updates provided by the vendor.
- Implement additional security measures to prevent XSS attacks.
Evidence notes
The CVE record and NVD detail pages provide additional information about the vulnerability.
Official resources
- CVE-2026-41845 CVE record: CVE.org
- CVE-2026-41845 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory