Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-41839

Summary
Assigner-vmware
Assigner Org ID-dcf2e128-44bd-42ed-91e8-88f912c1401d
Published At-09 Jun, 2026 | 03:49
Updated At-09 Jun, 2026 | 13:30
Rejected At-
Credits

Spring Framework Escalation via Session Fixation in WebFlux

A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:vmware
Assigner Org ID:dcf2e128-44bd-42ed-91e8-88f912c1401d
Published At:09 Jun, 2026 | 03:49
Updated At:09 Jun, 2026 | 13:30
Rejected At:
â–¼CVE Numbering Authority (CNA)
Spring Framework Escalation via Session Fixation in WebFlux

A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

Affected Products
Vendor
VMware (Broadcom Inc.)Spring
Product
Spring Framework
Default Status
unaffected
Versions
Affected
  • From 7.0.0 before 7.0.8 (custom)
  • From 6.2.0 before 6.2.19 (custom)
  • From 6.1.0 before 6.1.28 (custom)
  • From 5.3.0 before 5.3.49 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-384CWE-384: Session Fixation
Type: CWE
CWE ID: CWE-384
Description: CWE-384: Session Fixation
Metrics
VersionBase scoreBase severityVector
3.14.2MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Version: 3.1
Base score: 4.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
N/AA WebFlux application with a compromised subdomain is vulnerable to a session fixation escalation attack that allows an attacker to exchange a known session ID for that of an authenticated user.
CAPEC ID: N/A
Description: A WebFlux application with a compromised subdomain is vulnerable to a session fixation escalation attack that allows an attacker to exchange a known session ID for that of an authenticated user.
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://spring.io/security/cve-2026-41839
N/A
Hyperlink: https://spring.io/security/cve-2026-41839
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@vmware.com
Published At:09 Jun, 2026 | 05:16
Updated At:09 Jun, 2026 | 05:16

A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.2MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-384Secondarysecurity@vmware.com
CWE ID: CWE-384
Type: Secondary
Source: security@vmware.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://spring.io/security/cve-2026-41839security@vmware.com
N/A
Hyperlink: https://spring.io/security/cve-2026-41839
Source: security@vmware.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

6Records found
CVE-2026-41844
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-4.2||MEDIUM
EPSS-0.03% / 8.02%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 03:50
Updated-09 Jun, 2026 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spring Framework Open Redirect in Spring MVC and WebFlux

A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-Spring Framework
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CVE-2026-41854
Matching Score-8
Assigner-VMware by Broadcom
ShareView Details
Matching Score-8
Assigner-VMware by Broadcom
CVSS Score-4.2||MEDIUM
EPSS-0.03% / 8.02%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 03:51
Updated-09 Jun, 2026 | 13:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spring Framework Server-Side Request Forgery via UriComponentsBuilder

Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18.

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-Spring Framework
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2024-48929
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.2||MEDIUM
EPSS-0.66% / 71.55%
||
7 Day CHG~0.00%
Published-22 Oct, 2024 | 15:54
Updated-25 Oct, 2024 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Umbraco CMS Has Incomplete Server Termination During Explicit Sign-Out

Umbraco is a free and open source .NET content management system. In versions on the 13.x branch prior to 13.5.2 and versions on the 10.x branch prior to 10.8.7, during an explicit sign-out, the server session is not fully terminated. Versions 13.5.2 and 10.8.7 contain a patch for the issue.

Action-Not Available
Vendor-Umbraco A/S (Umbraco)
Product-umbraco_cmsUmbraco-CMS
CWE ID-CWE-384
Session Fixation
CVE-2022-4231
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-4.2||MEDIUM
EPSS-0.21% / 43.95%
||
7 Day CHG~0.00%
Published-30 Nov, 2022 | 00:00
Updated-15 Apr, 2025 | 13:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tribal Systems Zenario CMS Remember Me session fixiation

A vulnerability, which was classified as problematic, has been found in Tribal Systems Zenario CMS 9.3.57595. This issue affects some unknown processing of the component Remember Me Handler. The manipulation leads to session fixiation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214589 was assigned to this vulnerability.

Action-Not Available
Vendor-tribalsystemsTribal Systems
Product-zenarioZenario CMS
CWE ID-CWE-384
Session Fixation
CVE-2025-53021
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.49% / 65.82%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 00:00
Updated-09 Jul, 2025 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the victim's session being linked to the attacker's. Successful exploitation results in full account takeover. According to the Moodle Releases page, "Bug fixes for security issues in 3.11.x ended 11 December 2023." NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Action-Not Available
Vendor-Moodle Pty Ltd
Product-moodleMoodle
CWE ID-CWE-384
Session Fixation
CVE-2024-2260
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-4.2||MEDIUM
EPSS-0.08% / 24.21%
||
7 Day CHG~0.00%
Published-16 Apr, 2024 | 00:00
Updated-12 Jun, 2025 | 23:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Session Fixation Vulnerability in zenml-io/zenml

A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.

Action-Not Available
Vendor-zenmlzenml-iozenmlio
Product-zenmlzenml-io/zenmlzenml
CWE ID-CWE-384
Session Fixation
Details not found