CVE-2026-22741

medium Red Hat
CVSS v3 Base Score
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.1%
Exploitation probability in 30 days
Top 80% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: April 29, 2026 (72 days ago)
Last Modified: April 29, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in Spring MVC and Spring WebFlux applications. A remote attacker can exploit this vulnerability by sending malicious requests to poison the resource cache with incorrectly encoded resources. This can lead to a denial of service (DoS) by disrupting the front-end application for clients. This vulnerability occurs when the application uses resource chain support with caching enabled, supports encoded resource resolution, and the resource cache is empty.

CWE

CWE-838

Affected Products

Red Hat AMQ Broker 7Red Hat build of Apache Camel for Spring Boot 4Red Hat build of Apache Camel - HawtIO 4Red Hat build of OptaPlanner 8Red Hat Data Grid 8Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Fuse 7Red Hat JBoss Enterprise Application Platform 7Red Hat JBoss Enterprise Application Platform 8

References