exploitDog

CVE-2026-22735

Published: 19 Mar 2026
Source: redhat
CVSS3: 2.6

Description

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.

A flaw was found in Spring MVC and WebFlux. A remote attacker with low privileges could exploit this vulnerability, requiring user interaction. This could lead to stream corruption, potentially affecting the integrity of data being transmitted.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat AMQ Broker 7 | spring-webmvc | Fix deferred | | |
| Red Hat build of Apache Camel for Spring Boot 4 | spring-webmvc | Fix deferred | | |
| Red Hat build of Apache Camel - HawtIO 4 | spring-webflux | Fix deferred | | |
| Red Hat build of Apache Camel - HawtIO 4 | spring-webmvc | Fix deferred | | |
| Red Hat build of OptaPlanner 8 | spring-webmvc | Fix deferred | | |
| Red Hat Data Grid 8 | spring-webmvc | Fix deferred | | |
| Red Hat Enterprise Linux 8 | log4j:2/log4j | Fix deferred | | |
| Red Hat Enterprise Linux 8 | pki-core:10.6/resteasy | Fix deferred | | |
| Red Hat Enterprise Linux 8 | pki-deps:10.6/resteasy | Fix deferred | | |
| Red Hat Enterprise Linux 9 | log4j | Fix deferred | | |

Additional information

Status: Low
Defect: CWE-115
https://bugzilla.redhat.com/show_bug.cgi?id=2449347 org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events

Related vulnerabilities

CVSS3: 2.6
nvd
12 days ago

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.

CVSS3: 2.6
debian
12 days ago

Spring MVC and WebFlux applications are vulnerable to stream corruptio ...

CVSS3: 2.6
github
12 days ago

Spring MVC and WebFlux has Server Sent Event stream corruption
