CVE-2026-40972

CVE

High

An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote s…

CVSS

7.5

High

EPSS

0.00

p19

Published

2026-01-01

Updated

2026-01-01

Description

An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading changed classes, thereby achieving remote code execution in the remote application. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); DevTools remote secret comparison. Versions that are no longer supported are also affected per vendor advisory.

Tags · CWE

CWE-208

CAPEC-462

CAPEC-541

CAPEC-580

Affected products

Spring_boot < 2.7.33Spring_boot 3.3.0–3.3.19Spring_boot 3.4.0–3.4.16Spring_boot 3.5.0–3.5.14Spring_boot 4.0.0–4.0.6

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

2026-01-01

Published

2026-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: A

Adjacent Network (A)

Attack Complexity

AC: H

High (H)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.003 · p19

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1082System Information Discovery

└ via CAPEC-580 · CWE-208

T1592.002Software

└ via CAPEC-541 · CWE-208

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected products

Vmware

Spring Boot

Product	Vendor	Status
spring_boot	*	Tracked

Source databases

CVE

External references

https://spring.io/security/cve-2026-40972