CVE-2026-40999NVD

Vulnerability Summary

When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to.

Affected versions:
Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.

Severity Level

HIGH(8.6)

Published Date

Jun 11, 2026

Last Modified

Jun 11, 2026

Exploitation Status

????

EPSS Score (30-Day)

0.03%Probability

Root Weakness (CWE)

CWE-918: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeChanged

ConfidentialityHigh

IntegrityNone

AvailabilityNone

External References

https://spring.io/security/cve-2026-40999

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-40999NVD

Vulnerability Summary

External References