{"api_version":"1","generated_at":"2026-06-23T20:25:22+00:00","cve":"CVE-2026-41715","urls":{"html":"https://cve.report/CVE-2026-41715","api":"https://cve.report/api/cve/CVE-2026-41715.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-41715","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-41715"},"summary":{"title":"Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect","description":"In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.\n\nAffected versions:\nReactor Netty 1.0.0 through 1.0.51; 1.1.0 through 1.1.35; 1.2.0 through 1.2.17; 1.3.0 through 1.3.5.","state":"PUBLISHED","assigner":"vmware","published_at":"2026-06-09 05:16:35","updated_at":"2026-06-09 13:49:39"},"problem_types":["CWE-522","CWE-522 CWE-522: Insufficiently Protected Credentials"],"metrics":[{"version":"3.1","source":"security@vmware.com","type":"Secondary","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"6.1","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"}}],"references":[{"url":"https://spring.io/security/cve-2026-41715","name":"https://spring.io/security/cve-2026-41715","refsource":"security@vmware.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-41715","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41715","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Spring","product":"Reactor Netty","version":"affected 1.0.0 1.0.52 custom","platforms":[]},{"source":"CNA","vendor":"Spring","product":"Reactor Netty","version":"affected 1.1.0 1.1.36 custom","platforms":[]},{"source":"CNA","vendor":"Spring","product":"Reactor Netty","version":"affected 1.2.0 1.2.18 custom","platforms":[]},{"source":"CNA","vendor":"Spring","product":"Reactor Netty","version":"affected 1.3.0 1.3.6 custom","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"41715","cve":"CVE-2026-41715","epss":"0.001720000","percentile":"0.067790000","score_date":"2026-06-16","updated_at":"2026-06-17 00:05:46"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Reactor Netty","vendor":"Spring","versions":[{"lessThan":"1.0.52","status":"affected","version":"1.0.0","versionType":"custom"},{"lessThan":"1.1.36","status":"affected","version":"1.1.0","versionType":"custom"},{"lessThan":"1.2.18","status":"affected","version":"1.2.0","versionType":"custom"},{"lessThan":"1.3.6","status":"affected","version":"1.3.0","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.\n\nAffected versions:\nReactor Netty 1.0.0 through 1.0.51; 1.1.0 through 1.1.35; 1.2.0 through 1.2.17; 1.3.0 through 1.3.5."}],"value":"In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.\n\nAffected versions:\nReactor Netty 1.0.0 through 1.0.51; 1.1.0 through 1.1.35; 1.2.0 through 1.2.17; 1.3.0 through 1.3.5."}],"impacts":[{"descriptions":[{"lang":"en","value":"The Reactor Netty HTTP client may expose credentials when following a redirect from a secure (HTTPS) to an insecure (HTTP) endpoint, leading to information disclosure."}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-522","description":"CWE-522: Insufficiently Protected Credentials","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-09T03:48:41.439Z","orgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","shortName":"vmware"},"references":[{"url":"https://spring.io/security/cve-2026-41715"}],"source":{"discovery":"UNKNOWN"},"title":"Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect","x_generator":{"engine":"Vulnogram 1.0.1"}}},"cveMetadata":{"assignerOrgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","assignerShortName":"vmware","cveId":"CVE-2026-41715","datePublished":"2026-06-09T03:48:41.439Z","dateReserved":"2026-04-22T06:21:37.020Z","dateUpdated":"2026-06-09T03:48:41.439Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-09 05:16:35","lastModifiedDate":"2026-06-09 13:49:39","problem_types":["CWE-522","CWE-522 CWE-522: Insufficiently Protected Credentials"],"metrics":{"cvssMetricV31":[{"source":"security@vmware.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"41715","Ordinal":"1","Title":"Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrad","CVE":"CVE-2026-41715","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"41715","Ordinal":"1","NoteData":"In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.\n\nAffected versions:\nReactor Netty 1.0.0 through 1.0.51; 1.1.0 through 1.1.35; 1.2.0 through 1.2.17; 1.3.0 through 1.3.5.","Type":"Description","Title":"Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrad"}]}}}