Critical Vulnerabilities in Spring Boot

72% confidence

Description

Multiple critical vulnerabilities affecting Spring Boot versions prior to 4.0.6, 3.5.14, 3.4.16, 3.3.19, and 2.7.33. Users are advised to update to the fixed versions to mitigate these vulnerabilities.

Affected Products

Vendor	Product	Versions
vmware	spring boot	< 4.0.6, < 3.5.14, < 3.4.16, < 3.3.19, < 2.7.33

Related News (1 articles)

Tier B

CCCS Canada2h ago

Spring security advisory (AV26-386)

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

Patch available

4.0.6

PublishedApr 23, 2026

Last enriched2h ago

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-22740EXP

Multiple Vulnerabilities in Spring Framework

Trending: 32

CRITICALCVE-2026-22738

In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code.

Trending: 2

HIGHCVE-2026-22719EXPKEV

VMware Aria Operations command injection vulnerability

HIGHCVE-2026-22720

VMware Aria Operations stored cross-site scripting vulnerability

CRITICALCVE-2026-22732

Under Some Conditions Spring Security HTTP Headers Are not Written

Pin to Dashboard

Verification

State: reported

Confidence: 72%

Vulnerability Timeline

CVE Published

Apr 23, 2026

Patch Available

Apr 23, 2026

Discovered by ZDM

Apr 23, 2026