CVE-2026-41841 Vulnerability Analysis & Exploit Details

CVE-2026-41841 Vulnerability Summary

CVE-2026-41841: Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

CVE-2026-41841 References

External References

• https://spring.io/security/cve-2026-41841

CWE Common Weakness Enumeration

CAPEC Common Attack Pattern Enumeration and Classification

• Lifting Sensitive Data Embedded in Cache CAPEC-204 An adversary examines a target application's cache, or a browser cache, for sensitive information. Many applications that communicate with remote entities or which perform intensive calculations utilize caches to improve efficiency. However, if the application computes or receives sensitive information and the cache is not appropriately protected, an attacker can browse the cache and retrieve this information. This can result in the disclosure of sensitive information.

Vulnerable Configurations

• cpe:2.3:a:vmware:spring_framework:5.3.0:-:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.0:-:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.0:rc1:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.0:rc2:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.0:milestone1:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.0:milestone1:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.0:milestone2:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.0:milestone2:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.1:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.1:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.2:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.2:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.3:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.3:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.4:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.4:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.5:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.5:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.6:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.6:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.7:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.7:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.8:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.8:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.9:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.9:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.10:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.10:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.11:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.11:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.12:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.12:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.13:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.13:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.14:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.14:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.15:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.15:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.16:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.17:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.18:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.18:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.19:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.20:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.20:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.21:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.21:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.22:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.22:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.23:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.24:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.24:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.25:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.25:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.26:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.26:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.27:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.27:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.28:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.28:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.29:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.29:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.30:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.30:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.31:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.32:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.32:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.33:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.33:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.34:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.34:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.35:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.35:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.36:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.36:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.37:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.37:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.38:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.38:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.39:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.40:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.40:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:5.3.41:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:5.3.41:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.0:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.0:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.0:-:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.0:-:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.0:rc1:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.0:rc2:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.0:milestone1:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.0:milestone1:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.0:milestone2:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.0:milestone2:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.0:milestone3:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.0:milestone3:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.0:milestone4:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.0:milestone4:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.0:milestone5:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.0:milestone5:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.1:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.1:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.2:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.2:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.3:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.3:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.4:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.4:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.5:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.5:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.6:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.6:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.7:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.7:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.8:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.8:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.9:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.9:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.10:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.10:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.11:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.11:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.12:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.12:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.13:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.13:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.14:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.14:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.15:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.15:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.16:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.16:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.17:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.17:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.18:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.18:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.19:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.19:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.1.20:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.1.20:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.0:-:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.0:-:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.0:rc1:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.0:rc1:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.0:rc2:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.0:rc2:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.0:rc3:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.0:rc3:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.0:milestone1:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.0:milestone1:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.0:milestone2:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.0:milestone2:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.0:milestone3:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.0:milestone3:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.0:milestone4:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.0:milestone4:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.0:milestone5:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.0:milestone5:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.0:milestone6:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.0:milestone6:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.0:milestone7:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.0:milestone7:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.1:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.1:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.2:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.2:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.3:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.3:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.4:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.4:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.5:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.5:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.6:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.6:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:6.2.7:*:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:6.2.7:*:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:7.0.0:milestone1:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:7.0.0:milestone1:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:7.0.0:milestone2:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:7.0.0:milestone2:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:7.0.0:milestone3:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:7.0.0:milestone3:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:7.0.0:milestone4:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:7.0.0:milestone4:*:*:*:*:*:*
• cpe:2.3:a:vmware:spring_framework:7.0.0:milestone5:*:*:*:*:*:*
  cpe:2.3:a:vmware:spring_framework:7.0.0:milestone5:*:*:*:*:*:*

Other 5 Recently Published CVEs Vulnerabilities

• CVE-2026-5497 – vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count processing in th...
• CVE-2026-53911 – Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom ...
• CVE-2026-11850 – An integer underflow vulnerability was found in MIT krb5 in the berval2tl_data() function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c. The fu...
• CVE-2025-7064 – Authentication bypass by primary weakness vulnerability in ABB Freelance. This issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 20...
• CVE-2022-44630 – Cross-Site request forgery (CSRF) vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery. This issue aff...