CVE-2026-22735 Spring — Exploit & Vulnerability Details LOW

CVE-2026-22735

LOW CVSS 3.1: 2.6 EPSS 0.03%

Parameter	Value
CVSS	2.6 (LOW)
Affected Versions	7.0.0 — 7.0.5
Type	CWE-667
Vendor	Spring
Public PoC	No

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

High

Difficult to exploit

Privileges Required

Low

Basic privileges needed

User Interaction

Required

User action required

Impact Assessment

Confidentiality

None

No data leak

Integrity

Low

Partial data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-667

References 1

https://spring.io/security/cve-2026-22735

security@vmware.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-22733

Spring

8.2

CVE-2026-22732

Spring

9.1

CVE-2026-22731

Spring

8.2

CVE-2026-22730

Spring

8.8

CVE-2026-22729

Spring

8.6

Menu

CVE-2026-22735

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-22733

CVE-2026-22732

CVE-2026-22731

CVE-2026-22730

CVE-2026-22729

CVE Details

Editor's Choice

Menu

CVE-2026-22735

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 1

Related Vulnerabilities

CVE-2026-22733

CVE-2026-22732

CVE-2026-22731

CVE-2026-22730

CVE-2026-22729

CVE Details

Editor's Choice

Stay informed on cybersecurity