CVE-2026-40998

CVSS Score & Metrics

Base Score

8.2 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N                                    

Vulnerability Description

Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior instead of Spring's hardened parser configuration. Applications that evaluate XPath against untrusted XML payloads could therefore be exposed to XML External Entity (XXE) style attacks.

Affected versions:
Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.

Vulnerability Details

Published Date

June 11, 2026

Last Modified

June 11, 2026

CWE ID

CWE-611

Source

NVD

Vendor

Spring

Product

Spring Web Services

External References

https://spring.io/security/cve-2026-40998

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment