Risk Scores
CVSS v3.1
2.5999999046325684
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS Score
0.03%
7.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.springframework:spring-webmvc | 7.0.0-M1, 6.0.0, 5.3.0 |
| Spring | CLI VSCode Extension | 0.9.0 and older |
| Spring | Spring Foundation | 7.0.0, 6.2.0, 6.1.0 |
| Maven | org.springframework:spring-webflux | 6.2.0, 6.0.0, 5.3.0 |
Timeline
- Jan 14, 2026 PoC Published
- Jan 14, 2026 PoC Published
- Jan 15, 2026 PoC Published
- Mar 19, 2026 PoC Published
- Mar 19, 2026 CVE Published
- Mar 20, 2026 EPSS Score
- Mar 20, 2026 CVE Updated
- Mar 21, 2026 EPSS Score
- Mar 21, 2026 PoC Published
- Mar 22, 2026 EPSS Score
- Mar 22, 2026 Security Advisory
- Mar 23, 2026 EPSS Score
References
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37405 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37404 advisory
- https://spring.io/security/cve-2026-22732 advisory
- https://spring.io/security/cve-2026-22731 advisory
- https://spring.io/security/cve-2026-22733 advisory
- https://spring.io/security/cve-2026-22737 advisory
- https://spring.io/security/cve-2026-22735 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-22735 advisory
- https://github.com/spring-projects/spring-framework package
- https://spring.io/security/cve-2026-22718 url