CVE-2026-40973

April 28, 2026, 8:11 p.m.

7.0
Medium

Description

A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is set to `true` and the attack persists across application restarts, this may allow the attacker to read session information and hijack authenticated users or deploy a gadget chain and execute code as the application's user. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); predictable temp directory / `ApplicationTemp` ownership verification. Versions that are no longer supported are also affected per vendor advisory.

Product(s) Impacted

Vendor Product Versions
Spring
  • Spring Boot
  • 4.0.0-4.0.5, 3.5.0-3.5.13, 3.4.0-3.4.15, 3.3.0-3.3.18, 2.7.0-2.7.32

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-377
Insecure Temporary File
Creating and using insecure temporary files can leave application and system data vulnerable to attack.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
a spring spring_boot 4.0.0-4.0.5 / / / / / / /
a spring spring_boot 3.5.0-3.5.13 / / / / / / /
a spring spring_boot 3.4.0-3.4.15 / / / / / / /
a spring spring_boot 3.3.0-3.3.18 / / / / / / /
a spring spring_boot 2.7.0-2.7.32 / / / / / / /

References

https://spring.io/security/cve-2026-40973

Tags

[email protected]
CWE-377
2026-04-28
CVE-2026-40973

CVSS Score

7.0 / 10

CVSS Data - 3.1

  • Attack Vector: LOCAL
  • Attack Complexity: HIGH
  • Privileges Required: LOW
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

    • CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

    View Vector String

Timeline

Published: April 28, 2026, 12:16 a.m.
Last Modified: April 28, 2026, 8:11 p.m.

Status : Undergoing Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.