Two Severe Vulnerabilities Discovered
Two critical vulnerabilities have been disclosed in the Spring HATEOAS library for Java. One lets attackers bypass checks on data the library deserializes; the other lets them crash servers. Teams that use the library should review their deployments promptly.
The first issue, CVE-2026-41006, is an unsafe deserialization flaw in the handling of the Collection+JSON and UBER media types. An internal code path skips validation at runtime, so if an application exposes data models with unguarded setters, an attacker can supply a document that modifies fields the application never intended clients to write.
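Two defensive checks a practitioner would want here, shown as an added example rather than code from the advisory or from the Spring HATEOAS project: register only the hypermedia types the application actually serves, and keep server-owned state out of the setters on exposed models. The configuration and model classes are hypothetical, and treating the media-type restriction as defence in depth (not as a substitute for the fixed release) is this editor's assumption.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.hateoas.RepresentationModel;
import org.springframework.hateoas.config.EnableHypermediaSupport;
import org.springframework.hateoas.config.EnableHypermediaSupport.HypermediaType;

// Added example (hypothetical class names); assumes a Spring Boot application
// that uses Spring HATEOAS. Enabling only HAL keeps the Collection+JSON and
// UBER converters out of the application context entirely.
@Configuration
@EnableHypermediaSupport(type = HypermediaType.HAL)
class HypermediaConfig {
}

// Response model whose server-owned fields have no setters. Whatever media
// type parses an inbound document, there is no setter for it to call, so a
// client cannot repopulate fields such as the admin flag.
class AccountModel extends RepresentationModel<AccountModel> {

    private final String id;
    private final String displayName;
    private final boolean admin;   // derived by the server, never accepted from a client

    AccountModel(String id, String displayName, boolean admin) {
        this.id = id;
        this.displayName = displayName;
        this.admin = admin;
    }

    public String getId() {
        return id;
    }

    public String getDisplayName() {
        return displayName;
    }

    public boolean isAdmin() {
        return admin;
    }
}
```

If a model must accept client input, bind it to a separate request DTO that carries only client-writable fields and copy those into the entity explicitly; the exposed model above stays read-only.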
Unbounded Caching Leads to Heap Exhaustion
The second flaw, CVE-2026-41007, is a denial-of-service issue rooted in an unbounded static cache: the library stores incoming strings in memory with no size limit. An attacker who sends a stream of crafted links can fill the heap and crash the server in short order.
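To make the failure mode concrete, the following added example (not code from the advisory or from Spring HATEOAS) places the pattern the advisory describes, a static cache that grows with every distinct input, next to a bounded alternative that evicts old entries and refuses to cache oversized keys. The cache names, limits and the `normalize` routine are constructed for illustration.

```java
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added example; requires Java 11+ for String.repeat.
final class LinkCache {

    // The risky shape: keyed by attacker-controlled strings, never evicts.
    // Every distinct input is retained until the heap is exhausted.
    static final Map<String, String> UNBOUNDED = new ConcurrentHashMap<>();

    // Hardened shape: fixed entry count (LRU eviction) and a cap on key size,
    // so the memory held by the cache is bounded regardless of traffic.
    private static final int MAX_ENTRIES = 10_000;     // constructed limit
    private static final int MAX_KEY_LENGTH = 2_048;   // constructed limit

    static final Map<String, String> BOUNDED = Collections.synchronizedMap(
        new LinkedHashMap<String, String>(16, 0.75f, true) {
            @Override
            protected boolean removeEldestEntry(Map.Entry<String, String> eldest) {
                return size() > MAX_ENTRIES;   // evict least recently used entry
            }
        });

    // Oversized inputs are still processed, just never remembered.
    static String normalize(String rawLink) {
        if (rawLink.length() > MAX_KEY_LENGTH) {
            return expensiveNormalize(rawLink);
        }
        return BOUNDED.computeIfAbsent(rawLink, LinkCache::expensiveNormalize);
    }

    // Stand-in for whatever work the real cache was meant to save.
    private static String expensiveNormalize(String link) {
        return link.trim().toLowerCase();
    }

    public static void main(String[] args) {
        // Constructed traffic: 50,000 distinct links, as a flood would produce.
        for (int i = 0; i < 50_000; i++) {
            String link = "/api/items/" + i + "?pad=" + "x".repeat(64);
            UNBOUNDED.put(link, expensiveNormalize(link));
            normalize(link);
        }
        System.out.println("unbounded entries: " + UNBOUNDED.size());  // grows without limit
        System.out.println("bounded entries:   " + BOUNDED.size());    // capped at MAX_ENTRIES
    }
}
```

When reviewing a dependency for this class of bug, the question to ask of any static map is who controls the keys and what stops it growing; a cache that cannot answer the second question is a heap-exhaustion vector.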
Affected Versions and Emergency Mitigation
Both flaws affect Spring HATEOAS versions 1.5 through 3.0. Upgrade to stop active attacks.
Fixed releases are available: open source users should upgrade to 2.5.3 or 3.0.4 now. Fixes for older release lines are available only under a support plan. We recommend updating without delay.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.