VDB
GHSA-wwpq-f5c3-7hvx
GHSA-wwpq-f5c3-7hvx
PUBLISHED
CVSS 7 HIGH
Spring Boot accepts predictable temp directory without ownership verification
Risk Scores
CVSS 3.1
7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Maven | org.springframework.boot:spring-boot | 4.0.0, 3.5.0, 3.4.0 |
Timeline
- Apr 28, 2026 CVE Published
- May 7, 2026 Security Advisory
- May 8, 2026 CVE Updated