VDB
DEBIAN-CVE-2026-22735
DEBIAN-CVE-2026-22735
PUBLISHED
CVSS 2.5999999046325684 LOW
Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.
Risk Scores
CVSS 3.1
2.5999999046325684
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | libspring-java | 0, 4.3.30-4, 4.3.30-3 |
| Debian:11 | libspring-java | 4.3.30-1, 0, 4.3.30-2 |
| Debian:12 | libspring-java | 0, 4.3.30-2, 4.3.30-3 |
| Debian:14 | libspring-java | 0, 4.3.30-3, 4.3.30-4 |
Timeline
- Mar 20, 2026 CVE Published
- Apr 28, 2026 CVE Updated