
Spring Framework EUVD-2026-35332 | CVE-2026-41844 | MEDIUM
URL Redirection to Untrusted Site (Open Redirect) (CWE-601)
2026-06-09 · vmware · GHSA-h3qp-gqrc-q736
CVSS 3.1 base score 4.2 (NVD)

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None

Lifecycle Timeline

Patch available: Jun 09, 2026 06:01 (EUVD)
Analysis generated: Jun 09, 2026 05:24 (vuln.today)

Description (NVD)

A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix.

Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

Analysis (AI)

Open redirect in Spring Framework (Spring MVC and Spring WebFlux) across four major version branches lets an unauthenticated remote attacker craft a URL that makes the application issue a 302 redirect to an arbitrary attacker-controlled external host. Exploitation is conditional: the application must expose a catch-all wildcard mapping ("/**") without an explicit view name, and a victim must follow the crafted link. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata

Recon: Identify a Spring app with a '/**' wildcard route
Delivery: Craft a URL embedding the 'redirect:' view name prefix
Exploit: Deliver the phishing link to the target victim
Install: Victim clicks the link; the browser sends the crafted HTTP request
C2: Spring view resolver processes the 'redirect:' prefix
Execute: Application issues a 302 redirect to the attacker host
Impact: Victim lands on the attacker-controlled phishing page

Vulnerability Assessment (AI)

Exploitation: Two application-side conditions must both hold: (1) the Spring MVC or Spring WebFlux application defines a mapping for '/**' (a catch-all wildcard path), and (2) that mapping does not specify a view name, so Spring derives the view name from the request and user-controlled path data reaches the view resolver as a view name. …
Risk Assessment: The CVSS 4.2 (Medium) score is backed by the vector AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N: network-reachable and unauthenticated, but high attack complexity (the app must have the specific mapping) and a required user click, with low confidentiality and integrity impact and no availability impact. …
Exploit Scenario: An attacker identifies a publicly accessible Spring MVC application with a wildcard '/**' mapping and no explicit view name. The attacker crafts a URL such as 'https://legitimate-app.example.com/redirect:https://attacker.com/phish' and embeds it in a phishing email or social engineering campaign targeting users of that application. …
Remediation: Upgrade Spring Framework to a fixed release outside the affected ranges, per the vendor advisory at https://spring.io/security/cve-2026-41844. The advisory is the authoritative source for the fixed versions; they are not stated on this page and should not be assumed. …
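The following is an added illustration of the precondition in the description and of the remediation above; it is not code from this page, from the Spring advisory, or from the Spring project. It assumes that the affected pattern is a ViewControllerRegistry mapping for "/**" registered without setViewName(...), so that Spring derives the view name from the request path and a derived name beginning with "redirect:" is resolved by UrlBasedViewResolver into a RedirectView. The package, class and host names (com.example.web, WebConfig, attacker.example) are placeholders, and the regression test request is constructed to mirror the page's exploit scenario.

```java
// Added example: not from the vuln.today page, the Spring advisory, or the
// Spring project. Assumes the affected pattern is a "/**" view controller
// mapping with no explicit view name. Names and hosts are placeholders.
package com.example.web;

import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.context.annotation.Configuration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class WebConfig implements WebMvcConfigurer {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        // VULNERABLE shape (the advisory's precondition, assumed here): a
        // catch-all mapping whose view name is left implicit. Spring then
        // derives the view name from the request path, and a derived name
        // starting with "redirect:" is resolved by UrlBasedViewResolver into
        // a 302 whose Location is taken from the request.
        //
        //     registry.addViewController("/**");
        //
        // HARDENED: fix the view name explicitly so the request path is never
        // used as a view name, and map only the paths the app actually serves.
        registry.addViewController("/").setViewName("index");
        registry.addViewController("/**").setViewName("index");
    }
}

/*
 * Regression check. In a real project this lives under src/test/java; it is
 * shown in the same file for readability. It sends the kind of request in the
 * page's exploit scenario and fails if the application answers with a redirect
 * to the (constructed) external host attacker.example.
 */
@SpringBootTest
@AutoConfigureMockMvc
class NoExternalRedirectTest {

    @Autowired
    private MockMvc mvc;

    @Test
    void pathWithRedirectPrefixDoesNotRedirectOffSite() throws Exception {
        MvcResult result = mvc
            .perform(get("/redirect:https://attacker.example/phish"))
            .andReturn();

        String location = result.getResponse().getHeader("Location");

        // A patched or correctly configured app must not echo the attacker's
        // host back as a redirect target, whatever status code it chooses.
        assertTrue(location == null || !location.contains("attacker.example"),
            "request path was turned into a redirect: view, Location=" + location);
    }
}
```

The explicit view name removes the condition the advisory describes; the version upgrade remains the actual fix, since it covers every mapping you may have missed. As defense in depth, UrlBasedViewResolver.setRedirectHosts(...) restricts the hosts that any "redirect:" view is allowed to target, which blunts this class of bug even where a mapping still derives its view name from the request.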
