CVE-2026-41003

high VMware
CVSS v3 Base Score
7.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
EPSS Score
0.2%
Exploitation probability in 30 days
Top 90% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Confidentiality
High
Integrity
Low
Availability
None
Published: June 10, 2026 (29 days ago)
Last Modified: June 27, 2026
Vendor: VMware
Source: NVD

Description

An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.

CWE

CWE-79

Affected Products

vmware spring security

References