SecuriTricks - CVE-2026-41001

Description

Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4.0 through 3.4.16; 3.3.0 through 3.3.19; 2.7.0 through 2.7.33.

Product(s) Impacted

Vendor	Product	Versions
Spring	Spring Boot	4.0.0-4.0.6, 3.5.0-3.5.14, 3.4.0-3.4.16, 3.3.0-3.3.19, 2.7.0-2.7.33

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-377

Insecure Temporary File

Creating and using insecure temporary files can leave application and system data vulnerable to attack.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	spring	spring_boot	4.0.0-4.0.6	/	/	/	/	/	/	/
a	spring	spring_boot	3.5.0-3.5.14	/	/	/	/	/	/	/
a	spring	spring_boot	3.4.0-3.4.16	/	/	/	/	/	/	/
a	spring	spring_boot	3.3.0-3.3.19	/	/	/	/	/	/	/
a	spring	spring_boot	2.7.0-2.7.33	/	/	/	/	/	/	/

References

https://spring.io/security/cve-2026-41001

CVSS Score

5.3 / 10

CVSS Data - 3.1

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

View Vector String

Timeline

Published: June 11, 2026, 7:16 a.m.
Last Modified: June 11, 2026, 7:16 a.m.

Status : Received

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

CVE-2026-41001