CyberRota
← Ana sayfaya dön

CVE-2026-41844

MEDIUM · CVSS 4.2 EPSS %0.13

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-09T05:16:36.440 · Çekilme zamanı: 2026-06-30T18:15:04.688328+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-41844
Severity
MEDIUM
CVSS
4.2
EPSS
%0.13

Orijinal NVD Açıklaması

A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an arbitrary external host via the redirect: prefix. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.