
Spring Boot CVE-2026-40973

Severity: HIGH (CVSS 3.1 base score 7.0)
Weakness: Insecure Temporary File (CWE-377)
Published: 2026-04-28
Source: security@vmware.com
Advisory: GHSA-wwpq-f5c3-7hvx

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

Lifecycle Timeline (4 events)

  • Re-analysis Queued: Apr 28, 2026 - 20:23 (vuln.today) [cvss_changed]
  • Analysis Generated: Apr 28, 2026 - 00:30 (vuln.today)
  • Analysis Generated: Apr 28, 2026 - 00:22 (vuln.today)
  • CVE Published: Apr 28, 2026 - 00:16 (nvd), HIGH 7.0

Blast Radius

Ecosystem impact (transitive dependency graph; vuln.today resolves dependencies to a depth of 4 paths):
  • 1,891 maven packages depend on org.springframework.boot:spring-boot (120 direct, 1,771 indirect)

Ecosystem-wide dependent count for version 4.0.0.

Description (NVD)

A local attacker on the same host as the application may be able to take control of the directory used by ApplicationTemp. When server.servlet.session.persistent is set to true and the attack persists across application restarts, this may allow the attacker to read session information and hijack authenticated users or deploy a gadget chain and execute code as the application's user.

Affected Spring Boot versions:
  • 4.0.0 through 4.0.5 (fixed in 4.0.6)
  • 3.5.0 through 3.5.13 (fixed in 3.5.14)
  • 3.4.0 through 3.4.15 (fixed in 3.4.16)
  • 3.3.0 through 3.3.18 (fixed in 3.3.19)
  • 2.7.0 through 2.7.32 (fixed in 2.7.33)

Weakness: predictable temporary directory (ApplicationTemp ownership verification). Versions that are no longer supported are also affected, per the vendor advisory.

Analysis (AI)

Local privilege escalation and session hijacking in Spring Boot allows attackers with local access to hijack authenticated sessions or execute arbitrary code by taking control of the ApplicationTemp directory. The vulnerability affects Spring Boot versions 2.7.0 through 4.0.5 when server.servlet.session.persistent is enabled, requiring attack persistence across application restarts. …


Remediation (AI)

Within 24 hours: Identify all Spring Boot deployments and document versions running 2.7.0-4.0.5 with server.servlet.session.persistent enabled. Within 7 days: Apply vendor patches (Spring Boot 4.0.6, 3.5.14, 3.4.16, 3.3.19, or 2.7.33 depending on your version branch) and test in staging environments. …


Vendor Status


CVE-2026-40973 vulnerability details – vuln.today
