
Spring Authorization Server CVE-2026-41008

EUVD-2026-35888 | Severity: MEDIUM
URL Redirection to Untrusted Site (Open Redirect) (CWE-601)
2026-06-10 | security@vmware.com | GHSA-4r8w-73jc-3m7q
CVSS 3.1 base score: 6.1

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline

Patch available: Jun 10, 2026 - 02:01 (EUVD)
Analysis Generated: Jun 10, 2026 - 00:38 (vuln.today)

Description (NVD)

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri and an arbitrary, unvalidated redirect_uri, which can lead to an Open Redirect vulnerability.

Affected versions: Spring Security 7.0.0 through 7.0.5. Spring Authorization Server 1.5.0 through 1.5.7.
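As an added illustration of the mechanism in the description above (example code written here, not Spring's own implementation), the following Python models an authorization endpoint in two forms: one that, on an invalid request_uri, reports the error by redirecting to a redirect_uri that has not yet been checked against the client's registration, and a hardened form that validates redirect_uri first and answers inline when it is unregistered, as RFC 6749 section 4.1.2.1 requires. The client registration, the issued-request_uri store and all helper names are constructed assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlencode

# Constructed sample data (assumptions, not from the advisory): one client with one
# exactly registered redirect URI, and one request_uri the server itself has issued.
REGISTERED_REDIRECT_URIS = {"client-app": {"https://app.example/login/oauth2/code/app"}}
ISSUED_REQUEST_URIS = {"urn:ietf:params:oauth:request_uri:constructed-1"}


@dataclass
class Response:
    status: int
    location: str = ""  # set only for 302 redirects

def redirect_uri_is_registered(client_id: str, redirect_uri: str) -> bool:
    # Exact string match against the client's registration; no prefix or pattern matching.
    return redirect_uri in REGISTERED_REDIRECT_URIS.get(client_id, set())

def request_uri_is_valid(request_uri: str) -> bool:
    # A request_uri is acceptable only if this server issued it (hypothetical store).
    return request_uri in ISSUED_REQUEST_URIS

def error_redirect(redirect_uri: str, error: str) -> Response:
    return Response(302, redirect_uri + "?" + urlencode({"error": error}))

def authorize_vulnerable(params: dict) -> Response:
    # Models the described defect: the request_uri check runs first and sends its
    # error to redirect_uri before redirect_uri has been validated (open redirect).
    request_uri = params.get("request_uri")
    if request_uri is not None and not request_uri_is_valid(request_uri):
        return error_redirect(params.get("redirect_uri", ""), "invalid_request_uri")
    if not redirect_uri_is_registered(params.get("client_id", ""), params.get("redirect_uri", "")):
        return Response(400)
    return Response(302, params["redirect_uri"] + "?" + urlencode({"code": "constructed-code"}))

def authorize_hardened(params: dict) -> Response:
    # Validate redirect_uri before anything else. If it is not registered, answer
    # inline with 400 (RFC 6749 s4.1.2.1) and never redirect; only afterwards may
    # other request errors be reported to the now-trusted redirect_uri.
    client_id, redirect_uri = params.get("client_id", ""), params.get("redirect_uri", "")
    if not redirect_uri_is_registered(client_id, redirect_uri):
        return Response(400)
    request_uri = params.get("request_uri")
    if request_uri is not None and not request_uri_is_valid(request_uri):
        return error_redirect(redirect_uri, "invalid_request_uri")
    return Response(302, redirect_uri + "?" + urlencode({"code": "constructed-code"}))
```

The ordering is the whole point: every branch that can emit a 302 must sit after the redirect_uri registration check, so a failure in any other parameter can only ever be reported to a destination the client registered.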

Analysis (AI)

Spring Authorization Server's authorization endpoint fails to adequately validate the OAuth2/OIDC request_uri parameter, enabling unauthenticated remote attackers to craft authorization requests that bypass redirect URI validation entirely. Affected deployments running Spring Authorization Server 1.5.0-1.5.7 or Spring Security 7.0.0-7.0.5 can be exploited to redirect authenticated users to attacker-controlled destinations, a particularly elevated risk given that victims inherently trust the authorization server's domain during OAuth login flows. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon: Craft authorization URL with invalid request_uri and arbitrary redirect_uri
Delivery: Deliver malicious link to victim via phishing
Exploit: Victim navigates to trusted authorization server domain
Install: Victim authenticates normally
C2: Server processes invalid request_uri without validating redirect_uri
Execute: Browser redirected to attacker-controlled URI
Impact: Attacker harvests credentials or tokens

Vulnerability Assessment (AI)

Exploitation: The authorization endpoint must be network-accessible, which is the standard and expected deployment posture for any OAuth2/OIDC authorization server. …
Risk Assessment: The CVSS 6.1 Medium score is composed of network attack vector (AV:N), low complexity (AC:L), no required privileges (PR:N), required user interaction (UI:R), changed scope (S:C), and low confidentiality and integrity impact (C:L/I:L/A:N). …
Exploit Scenario: An attacker constructs a malicious OAuth2 authorization URL targeting a vulnerable Spring Authorization Server, embedding a syntactically invalid `request_uri` value alongside an attacker-controlled `redirect_uri` pointing to a credential-harvesting page styled to mimic a legitimate post-authentication destination. The attacker delivers this URL via a phishing email to users of an application that relies on the affected authorization server; when a victim clicks the link and completes authentication, the server, having failed to validate the redirect destination, sends the victim's browser to the attacker's site, where tokens, session state, or credentials can be captured. …
Remediation: Upgrade Spring Authorization Server beyond 1.5.7 and Spring Security beyond 7.0.5 per the vendor advisory at https://spring.io/security/cve-2026-41008. …



CVE-2026-41008 vulnerability details – vuln.today
