216.73.217.139

CVE-2026-22735

· Published 20/03/2026 00:16 · Modified 20/03/2026 15:16

Labels: CVE-2026-22735 2026-03-20CVE-2026-22735CWE-667[email protected]

Essential information

Published
20/03/2026 00:16
Modified
20/03/2026 15:16
Author
Creator
CVSS
2.6 LOW (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

CVSS metrics

Description

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
spring / spring framework cpe:2.3:a:spring:spring_framework:5.3.0-5.3.46:*:*:*:*:*:*:*
spring / spring framework cpe:2.3:a:spring:spring_framework:6.1.0-6.1.25:*:*:*:*:*:*:*
spring / spring framework cpe:2.3:a:spring:spring_framework:6.2.0-6.2.16:*:*:*:*:*:*:*
spring / spring framework cpe:2.3:a:spring:spring_framework:7.0.0-7.0.5:*:*:*:*:*:*:*

References