CVE-2026-40998

Severity: HIGH · EPSS 27.1%
Published Jun 11, 2026 (2w ago) · Modified Jun 23, 2026 (1w ago)
CVSS 3.1 base score: 8.2 (High)

Description

Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior instead of Spring's hardened parser configuration. Applications that evaluate XPath against untrusted XML payloads could therefore be exposed to XML External Entity (XXE)-style attacks. Affected versions: Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.

CVSS Details

Base Score
8.2
Exploitability
3.9
Impact
4.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity Low
Availability None

Threat Intelligence

EPSS Exploit Probability
27.1% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses (1)

CWE-611: Improper Restriction of XML External Entity Reference

References (1)

  • spring.io https://spring.io/security/cve-2026-40998

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.