216.73.217.24

CVE-2026-40992

· Published 11/06/2026 09:16 · Modified 11/06/2026 15:21 · Author: The MITRE Corporation

Labels: CVE-2026-40992 2026-06-11CVE-2026-40992CWE-295[email protected]

Essential information

Published
11/06/2026 09:16
Modified
11/06/2026 15:21
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
5.0 MEDIUM (v3.1)
CISA KEV
No
CWE
CWE-295
CVSS vector
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS metrics

Description

Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4.0 through 3.4.16.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
springproject / spring boot cpe:2.3:a:springproject:spring_boot:4.0.0-4.0.6:*:*:*:*:*:*:*
springproject / spring boot cpe:2.3:a:springproject:spring_boot:3.5.0-3.5.14:*:*:*:*:*:*:*
springproject / spring boot cpe:2.3:a:springproject:spring_boot:3.4.0-3.4.16:*:*:*:*:*:*:*

References