Thymeleaf CVE-2026-41901
CRITICALSeverity by source
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2Blast Radius
ecosystem impact- 471 maven packages depend on org.thymeleaf:thymeleaf (54 direct, 419 indirect)
- 3 maven packages depend on org.thymeleaf:thymeleaf-spring5 (3 direct, 0 indirect)
- 590 maven packages depend on org.thymeleaf:thymeleaf-spring6 (24 direct, 568 indirect)
Ecosystem-wide dependent count for version 3.1.5.RELEASE and other introduced versions.
DescriptionGitHub Advisory
Impact
A security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf up to and including 3.1.4.RELEASE. Although the library provides mechanisms to avoid the execution of potentially dangerous expressions in some specific sandboxed (restricted) contexts, it fails to properly neutralize specific constructs that allow this kind of expressions to be executed. If an application developer passes to the template engine unsanitized variables that contain such expressions, and these values are used in sandboxed contexts inside the templates, these expressions can be executed achieving Server-Side Template Injection (SSTI).
Patches
This has been fixed in Thymeleaf 3.1.5.RELEASE. All users are advised to upgrade immediately.
Workarounds
No workaround is available beyond ensuring applications do not pass unvalidated/unsanitized data directly to the template engine. Upgrading to 3.1.5.RELEASE is strongly recommended in any case.
AnalysisAI
Server-Side Template Injection (SSTI) in Thymeleaf 3.1.4.RELEASE and earlier allows remote attackers to execute arbitrary code via specially crafted expressions that bypass the template engine's sandbox restrictions. Applications passing unsanitized user input to sandboxed template contexts are vulnerable to full server compromise. Vendor-released patch is available in version 3.1.5.RELEASE. The CVSS 9.0 CRITICAL rating reflects the potential for remote code execution with high confidentiality, integrity, and availability impact, though the AC:H (high attack complexity) indicates exploitation requires specific application patterns where user input flows directly into sandboxed template contexts without validation.
Technical ContextAI
Thymeleaf is a widely-used Java template engine for web applications, particularly in Spring Framework ecosystems (Spring MVC, Spring Boot). The vulnerability (CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement) exists in Thymeleaf's expression language sandbox mechanism, which is designed to restrict dangerous operations when evaluating dynamic expressions in templates. The flaw allows attackers to craft specific expression constructs that evade the sandbox's neutralization logic, enabling execution of arbitrary Java code within the server's JVM context. Affected artifacts include org.thymeleaf:thymeleaf (core library), org.thymeleaf:thymeleaf-spring5, and org.thymeleaf:thymeleaf-spring6 (Spring Framework integrations) at versions 3.1.4.RELEASE and below. The CVSS vector AV:N indicates network-based exploitation, while S:C (scope changed) reflects that successful exploitation breaks out of the template engine's security boundary to impact the underlying application server.
RemediationAI
Vendor-released patch: Upgrade to Thymeleaf 3.1.5.RELEASE immediately for all affected artifacts (org.thymeleaf:thymeleaf, org.thymeleaf:thymeleaf-spring5, org.thymeleaf:thymeleaf-spring6). Update Maven/Gradle dependencies and rebuild applications. For Maven, update pom.xml dependency version to 3.1.5.RELEASE; for Gradle, update build.gradle to implementation 'org.thymeleaf:thymeleaf:3.1.5.RELEASE'. The vendor advisory at https://github.com/thymeleaf/thymeleaf/security/advisories/GHSA-c9ph-gxww-7744 confirms no workaround exists beyond patching. As defense-in-depth during patch rollout, implement strict input validation and sanitization for all data passed to template contexts-however, this is NOT a substitute for patching, as the sandbox bypass may circumvent application-level controls. For applications that cannot immediately upgrade, conduct urgent code review to identify any code paths where user-supplied data flows into Thymeleaf template variables used in sandboxed contexts; if found, disable the vulnerable features or restrict access to authenticated/privileged users only until patching is complete (trade-off: loss of dynamic template functionality or reduced user access). Do not rely on WAF or network controls-exploitation occurs within legitimate template processing.
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-c9ph-gxww-7744