Known Vulnerabilities for Spring by Spring
Listed below are 1 of the newest known vulnerabilities associated with "Spring" by "Spring".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-62242 json | Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attack... | Not Provided | 2026-07-13 | 2026-07-13 |
| CVE-2026-56091 json | When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an a... | Not Provided | 2026-06-25 | 2026-06-25 |
| CVE-2026-50338 json | Improper authentication in Azure Spring Apps allows an authorized attacker to elevate privileges over a network. | Not Provided | 2026-07-14 | 2026-07-14 |
| CVE-2026-50201 json | Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. ... | Not Provided | 2026-06-17 | 2026-06-18 |
| CVE-2026-50196 json | Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. ... | Not Provided | 2026-06-17 | 2026-06-18 |
| CVE-2026-49979 json | Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test... | Not Provided | 2026-06-24 | 2026-06-26 |
| CVE-2026-47838 json | SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to re... | Not Provided | 2026-06-10 | 2026-06-30 |
| CVE-2026-47835 json | In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, Op... | Not Provided | 2026-06-15 | 2026-06-15 |
| CVE-2026-47825 json | Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuratio... | Not Provided | 2026-06-15 | 2026-06-23 |
| CVE-2026-45609 json | mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-sec... | Not Provided | 2026-05-29 | 2026-06-02 |