CVE-2026-40977

medium Red Hat
CVSS v3 Base Score
5.3
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 95% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Confidentiality
None
Integrity
Low
Availability
High
Published: April 27, 2026 (73 days ago)
Last Modified: April 27, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in Spring Boot when an application is configured to use `ApplicationPidFileWriter`. A local attacker with write access to the PID file's location can exploit this vulnerability to corrupt one arbitrary file on the host each time the application is started. This can lead to data integrity issues or a denial of service (DoS) by rendering critical system files unusable.

CWE

CWE-59

Affected Products

Red Hat AMQ Broker 7Red Hat AMQ ClientsRed Hat build of Apache Camel for Spring Boot 4Red Hat build of Apache Camel - HawtIO 4Red Hat build of OptaPlanner 8Red Hat Data Grid 8Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9Red Hat Fuse 7Red Hat JBoss Enterprise Application Platform 7

References