- Description
- When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. Affected versions: Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.
- Source
- security@vmware.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.6
- Impact score
- 4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
- Severity
- HIGH
- security@vmware.com
- CWE-918
- Hype score
- Not currently trending
Multiple serious vulnerabilities have been fixed in Spring Framework: the Spring Security XSS CVE-2026-41003, the Spring WS SSRF CVE-2026-40999, the XXE CVE-2026-40998, and the validation bug CVE-2026-40994. https://t.co/yqUcJQ37xA
@__kokumoto
12 Jun 2026
🚨*CVE* CVE-2026-40999 When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender ins… https://t.co/eRJSJbeMJp ----- Traducción: CVE-2026-40999 Cua… https://t.co/utmtNg
@infoflowcloud
11 Jun 2026