CVE-2026-41847

Published: Jun 9, 2026Modified: Jun 11, 2026

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48.

Affected (1)

Products: Vmware: Spring Framework

Vmware

1 product

Spring Framework

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vmware Spring Framework	From 5.3.0 to 5.3.49

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://spring.io/security/cve-2026-41847

Source: security@vmware.com

Vendor Advisory

Timeline

No history available yet.