Zurück zur CVE-Übersicht
CVE-2026-41854
MEDIUM(4.2)CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Risk Signal Score16/100 — NIEDRIG
- CVSS 4.2 — Mittel
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
4.2
Technische Schwere
Beschreibung
Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18.