CVE-2026-41853

5.3 MEDIUM

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks

Published: 2026-06-09 · Last updated: 2026-06-09

Severity and scoring

CVSS: 5.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CWE: CWE-444

Description

Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

Source: NVD

References

Related CVEs

Same CWE

CVE-2026-44546 — daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake proces... (3.7 LOW)
CVE-2026-50052 — In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend r...
CVE-2026-49753 — Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in elixir-mint Mint allows attacker-contro...
CVE-2026-45372 — cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library (9.9 CRITICAL)
CVE-2026-6324 — A flaw was found in libsoup (4.8 MEDIUM)