Skip to main content

Thymeleaf CVE-2026-41901

CRITICAL
Improper Neutralization of Special Elements used in an Expression Language Statement (CWE-917)
2026-05-04 https://github.com/thymeleaf/thymeleaf GHSA-c9ph-gxww-7744
9.0
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.0 CRITICAL
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Source Code Evidence Fetched
May 04, 2026 - 21:45 vuln.today
Analysis Generated
May 04, 2026 - 21:45 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 471 maven packages depend on org.thymeleaf:thymeleaf (54 direct, 419 indirect)
  • 3 maven packages depend on org.thymeleaf:thymeleaf-spring5 (3 direct, 0 indirect)
  • 590 maven packages depend on org.thymeleaf:thymeleaf-spring6 (24 direct, 568 indirect)

Ecosystem-wide dependent count for version 3.1.5.RELEASE and other introduced versions.

DescriptionGitHub Advisory

Impact

A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.4.RELEASE. Although the library provides mechanisms to avoid the execution of potentially dangerous expressions in some specific sandboxed (restricted) contexts, it fails to properly neutralize specific constructs that allow this kind of expressions to be executed. If an application developer passes to the template engine unsanitized variables that contain such expressions, and these values are used in sandboxed contexts inside the templates, these expressions can be executed achieving Server-Side Template Injection (SSTI).

Patches

This has been fixed in Thymeleaf 3.1.5.RELEASE. All users are advised to upgrade immediately.

Workarounds

No workaround is available beyond ensuring applications do not pass unvalidated/unsanitized data directly to the template engine. Upgrading to 3.1.5.RELEASE is strongly recommended in any case.

AnalysisAI

Server-Side Template Injection (SSTI) in Thymeleaf 3.1.4.RELEASE and earlier allows remote attackers to execute arbitrary code via specially crafted expressions that bypass the template engine's sandbox restrictions. Applications passing unsanitized user input to sandboxed template contexts are vulnerable to full server compromise. Vendor-released patch is available in version 3.1.5.RELEASE. The CVSS 9.0 CRITICAL rating reflects the potential for remote code execution with high confidentiality, integrity, and availability impact, though the AC:H (high attack complexity) indicates exploitation requires specific application patterns where user input flows directly into sandboxed template contexts without validation.

Technical ContextAI

Thymeleaf is a widely-used Java template engine for web applications, particularly in Spring Framework ecosystems (Spring MVC, Spring Boot). The vulnerability (CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement) exists in Thymeleaf's expression language sandbox mechanism, which is designed to restrict dangerous operations when evaluating dynamic expressions in templates. The flaw allows attackers to craft specific expression constructs that evade the sandbox's neutralization logic, enabling execution of arbitrary Java code within the server's JVM context. Affected artifacts include org.thymeleaf:thymeleaf (core library), org.thymeleaf:thymeleaf-spring5, and org.thymeleaf:thymeleaf-spring6 (Spring Framework integrations) at versions 3.1.4.RELEASE and below. The CVSS vector AV:N indicates network-based exploitation, while S:C (scope changed) reflects that successful exploitation breaks out of the template engine's security boundary to impact the underlying application server.

RemediationAI

Vendor-released patch: Upgrade to Thymeleaf 3.1.5.RELEASE immediately for all affected artifacts (org.thymeleaf:thymeleaf, org.thymeleaf:thymeleaf-spring5, org.thymeleaf:thymeleaf-spring6). Update Maven/Gradle dependencies and rebuild applications. For Maven, update pom.xml dependency version to 3.1.5.RELEASE; for Gradle, update build.gradle to implementation 'org.thymeleaf:thymeleaf:3.1.5.RELEASE'. The vendor advisory at https://github.com/thymeleaf/thymeleaf/security/advisories/GHSA-c9ph-gxww-7744 confirms no workaround exists beyond patching. As defense-in-depth during patch rollout, implement strict input validation and sanitization for all data passed to template contexts-however, this is NOT a substitute for patching, as the sandbox bypass may circumvent application-level controls. For applications that cannot immediately upgrade, conduct urgent code review to identify any code paths where user-supplied data flows into Thymeleaf template variables used in sandboxed contexts; if found, disable the vulnerable features or restrict access to authenticated/privileged users only until patching is complete (trade-off: loss of dynamic template functionality or reduced user access). Do not rely on WAF or network controls-exploitation occurs within legitimate template processing.

Share

CVE-2026-41901 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy