CVE-2026-40972_CVE-2026-40972

7.5 / 10

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code execution in the remote application.

Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); DevTools remote secret comparison. Versions that are no longer supported are also affected per vendor advisory.

Basic Information

ID CVE-2026-40972

Source vmware

Published Apr 27, 2026 at 23:15

Affected Product

Vendor Spring

Product Spring Boot

Version 4.0.0

Affected Versions Spring Spring Boot 4.0.0
Spring Spring Boot 3.5.0
Spring Spring Boot 3.4.0
Spring Spring Boot 3.3.0
Spring Spring Boot 2.7.0

CWE Classification

CWE-208

References

spring.io /security/cve-2026-40972

{
    "lastseen": "",
    "description": "An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code execution in the remote application.\n\nAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14), 3.4.0\u20133.4.15 (fix 3.4.16), 3.3.0\u20133.3.18 (fix 3.3.19), 2.7.0\u20132.7.32 (fix 2.7.33); DevTools remote secret comparison. Versions that are no longer supported are also affected per vendor advisory.",
    "published": "2026-04-27T23:15:19.194Z",
    "modified": "2026-04-27T23:15:19.194Z",
    "type": "cve",
    "title": "CVE-2026-40972",
    "source": "vmware",
    "references": "https://spring.io/security/cve-2026-40972",
    "id": "CVE-2026-40972",
    "bulletinFamily": "",
    "cwe": [
        "CWE-208"
    ],
    "cvelist": null,
    "sourceData": "Spring Spring Boot 4.0.0\nSpring Spring Boot 3.5.0\nSpring Spring Boot 3.4.0\nSpring Spring Boot 3.3.0\nSpring Spring Boot 2.7.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Spring Boot",
    "version": "4.0.0",
    "vendor": "Spring",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}