Multiple security vulnerabilities have been identified in the Spring Framework as detailed in the Spring security bulletins dated April 17, 2026. These include CVE-2026-22740, CVE-2026-22741, and CVE-2026-22745. Specific technical details and affected versions are documented in the official Spring security bulletins.
| Vendor | Product | Versions |
|---|---|---|
| vmware | spring framework | 5.3.0 to 5.3.47, 6.1.0 to 6.1.26, 6.2.0 to 6.2.17, 7.0.0 to 7.0.6 |
Added affected versions for Spring Framework and updated severity to HIGH, indicating that the vulnerabilities are actively exploited.
Initial creation
