CVSS Vector (NVD): CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
Description (NVD)
IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules.
Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.
Analysis (AI)
Predictable WebSocket session IDs in the spring-websocket module of Spring Framework allow an authenticated remote attacker to potentially enumerate or infer valid session identifiers and hijack WebSocket connections - but only when the target application also implements inadequate authorization rules on its WebSocket endpoints. All actively maintained Spring Framework release lines are affected: 5.3.x, 6.1.x, 6.2.x, and 7.0.x. …
Attack Chain (AI-derived): hypothetical attack flow derived from CVE metadata (figure not included).
Vulnerability Assessment (AI)

| Section | Assessment |
| --- | --- |
| Exploitation | Exploitation requires three conditions to hold at the same time. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 score of 4.8 (Medium) is grounded in a meaningful set of mitigating vector components: high attack complexity (AC:H) indicates that exploitation cannot be reliably automated and depends on conditions outside the attacker's direct control; low privileges are required (PR:L), ruling out fully unauthenticated attack paths; user interaction is required (UI:R), further limiting opportunistic exploitation; and impact is scoped entirely to confidentiality (C:H/I:N/A:N), with no integrity or availability effect. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated attacker targeting a Spring-based application with publicly accessible WebSocket endpoints could observe a sequence of session identifiers assigned to their own sessions or to other observable connections, infer the predictable generation pattern, and craft requests using a guessed victim session ID to access that user's WebSocket channel. This requires inducing some form of user interaction - likely having the victim establish an active WebSocket session - and the application must lack authorization checks that would reject a mismatched session claim. … |
| Remediation | The primary remediation is to upgrade to a patched release of Spring Framework; exact fix versions must be confirmed from the vendor advisory at https://spring.io/security/cve-2026-41838, as no specific patched version numbers were included in the available data. … Detailed patch versions, workarounds, and compensating controls in full report. |
Related identifiers: EUVD-2026-35325, GHSA-q723-847q-5g8g