CVE-2026-22737 Java — Exploit & Vulnerability Details MEDIUM

Parameter	Value
CVSS	5.9 (MEDIUM)
Affected Versions	7.0.0 — 7.0.5
Vendor	Java
Public PoC	No

Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

High

Difficult to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v3.1

References 1

https://spring.io/security/cve-2026-22737

security@vmware.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-33013

Java

8.2

CVE-2026-33012

Java

7.5

CVE-2026-32939

Java

7.7

CVE-2026-3511

Java

8.6

CVE-2026-32735

Java

2.3

Menu

CVE-2026-22737

Attack Parameters

Impact Assessment

CVSS Vector v3.1

References 1

Related Vulnerabilities

CVE-2026-33013

CVE-2026-33012

CVE-2026-32939

CVE-2026-3511

CVE-2026-32735

CVE Details

Editor's Choice

Menu

CVE-2026-22737

Attack Parameters

Impact Assessment

CVSS Vector v3.1

References 1

Related Vulnerabilities

CVE-2026-33013

CVE-2026-33012

CVE-2026-32939

CVE-2026-3511

CVE-2026-32735

CVE Details

Editor's Choice

Stay informed on cybersecurity