CVE-2026-40478

high Red Hat
CVSS v3 Base Score
8.5
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.1%
Exploitation probability in 30 days
Top 82% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Confidentiality
High
Integrity
High
Availability
High
Published: April 17, 2026 (83 days ago)
Last Modified: April 17, 2026
Vendor: Red Hat
Source: REDHAT

Description

Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly neutralize specific syntax patterns that allow for the execution of unauthorized expressions. If an application developer passes unvalidated user input directly to the template engine, an unauthenticated remote attacker can bypass the library's protections to achieve Server-Side Template Injection (SSTI). This issue has ben fixed in version 3.1.4.RELEASE.

CWE

CWE-917

Affected Products

Red Hat build of Apache Camel for Spring Boot 4Red Hat Fuse 7Red Hat JBoss Enterprise Application Platform 7Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat OpenShift Dev SpacesRed Hat Single Sign-On 7

References