CVE-2026-40977_CVE-2026-40977

4.7 / 10

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H

Description

When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started.

Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); PID file / symlink behavior (`ApplicationPidFileWriter`). Versions that are no longer supported are also affected per vendor advisory.

Basic Information

ID CVE-2026-40977

Source vmware

Published Apr 27, 2026 at 23:36

Affected Product

Vendor Spring

Product Spring Boot

Version 4.0.0

Affected Versions Spring Spring Boot 4.0.0
Spring Spring Boot 3.5.0
Spring Spring Boot 3.4.0
Spring Spring Boot 3.3.0
Spring Spring Boot 2.7.0

CWE Classification

CWE-59

References

spring.io /security/cve-2026-40977

{
    "lastseen": "",
    "description": "When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is started.\n\nAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14), 3.4.0\u20133.4.15 (fix 3.4.16), 3.3.0\u20133.3.18 (fix 3.3.19), 2.7.0\u20132.7.32 (fix 2.7.33); PID file / symlink behavior (`ApplicationPidFileWriter`). Versions that are no longer supported are also affected per vendor advisory.",
    "published": "2026-04-27T23:36:06.654Z",
    "modified": "2026-04-27T23:36:06.654Z",
    "type": "cve",
    "title": "CVE-2026-40977",
    "source": "vmware",
    "references": "https://spring.io/security/cve-2026-40977",
    "id": "CVE-2026-40977",
    "bulletinFamily": "",
    "cwe": [
        "CWE-59"
    ],
    "cvelist": null,
    "sourceData": "Spring Spring Boot 4.0.0\nSpring Spring Boot 3.5.0\nSpring Spring Boot 3.4.0\nSpring Spring Boot 3.3.0\nSpring Spring Boot 2.7.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.7,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Spring Boot",
    "version": "4.0.0",
    "vendor": "Spring",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}