VDB

DEBIAN-CVE-2026-22735

DEBIAN-CVE-2026-22735 PUBLISHED CVSS 2.5999999046325684 LOW

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.

Risk Scores

CVSS 3.1
2.5999999046325684
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N

Affected Products

VendorProductVersions
Debian:13libspring-java0, 4.3.30-4, 4.3.30-3
Debian:11libspring-java4.3.30-1, 0, 4.3.30-2
Debian:12libspring-java0, 4.3.30-2, 4.3.30-3
Debian:14libspring-java0, 4.3.30-3, 4.3.30-4

Timeline

  • Mar 20, 2026 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›