EUVD-2026-35335
GHSA-vqgp-pf68-6947
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionNVD
Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL.
Affected versions: Spring Framework 5.3.0 through 5.3.48.
AnalysisAI
Security bypass in Spring WebFlux's Kotlin Router DSL (CWE-284: Improper Access Control) allows remote unauthenticated attackers to circumvent access control rules in Spring Framework 5.3.0 through 5.3.48. The CVSS vector (AV:N/AC:H/PR:N/UI:N) indicates network-reachable exploitation without authentication, though high attack complexity constrains opportunistic exploitation. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the target application to be built on Spring Framework 5.3.0-5.3.48, use the Spring WebFlux reactive stack (not Spring MVC), and define routes using the Kotlin Router DSL specifically. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS score of 4.8 (Medium) reflects a network-accessible, unauthenticated vector (AV:N/PR:N/UI:N) tempered by high attack complexity (AC:H) and limited scope (S:U, C:L/I:L/A:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker targeting a Spring WebFlux application that uses the Kotlin Router DSL and enforces access control via Spring Security sends crafted HTTP requests to endpoints that should be restricted by authorization rules. By exploiting the gap between the Kotlin DSL's route matching and the Spring Security filter chain, the attacker bypasses access control checks, gaining read or write access to restricted resources. … |
| Remediation | Patch available per vendor advisory at https://spring.io/security/cve-2026-41847; however, an exact patched release version was not present in the available data and cannot be confirmed independently - consult the Spring security advisory directly to identify the target upgrade version within or above the 5.3.x line. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More from same product – last 7 days
Server-side request forgery in crmeb_java 1.4 allows remote unauthenticated attackers to manipulate the base64 Qrcode en
Reflected cross-site scripting in OpenClinic GA 5.351.19's DICOM image upload handler allows unauthenticated remote atta
Unsafe deserialization in Apache Fory fory-core Java SDK versions prior to 1.1.0 allows remote attackers to bypass the f
Path traversal in SAP NetWeaver Application Server Java's Web Container allows unauthenticated remote attackers to manip
Unsafe deserialization in Spring Framework's JMS message converters (MappingJackson2MessageConverter and JacksonJsonMess
Share
External POC / Exploit Code
Leaving vuln.today