CVE-2026-40987

· Published 11/06/2026 09:16 · Modified 11/06/2026 15:21 · Author: The MITRE Corporation

Labels: CVE-2026-40987, 2026-06-11, CWE-22, [email protected]

Essential information

Published: 11/06/2026 09:16
Modified: 11/06/2026 15:21
Author: The MITRE Corporation
Creator: The MITRE Corporation
CVSS: 7.1 HIGH (v3.1)
CISA KEV: No
CWE: CWE-22
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L

Description

A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory) with attacker-controlled content. Affected versions: Spring Integration 7.0.0 through 7.0.4; 6.5.0 through 6.5.8; 6.4.0 through 6.4.11; 6.3.0 through 6.3.14; 5.5.0 through 5.5.20.

NVD status

Status: Awaiting Analysis. CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product | CPE
springproject / spring integration | cpe:2.3:a:springproject:spring_integration:7.0.0-7.0.4:*:*:*:*:*:*:*
springproject / spring integration | cpe:2.3:a:springproject:spring_integration:6.5.0-6.5.8:*:*:*:*:*:*:*
springproject / spring integration | cpe:2.3:a:springproject:spring_integration:6.4.0-6.4.11:*:*:*:*:*:*:*
springproject / spring integration | cpe:2.3:a:springproject:spring_integration:6.3.0-6.3.14:*:*:*:*:*:*:*
springproject / spring integration | cpe:2.3:a:springproject:spring_integration:5.5.0-5.5.20:*:*:*:*:*:*:*

References