CVE-2026-41845

HIGH NVD

CVSS Score 7.1

Severity HIGH

Published Jun 09, 2026

Vendor unknown

Description

Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting (XSS) vulnerability. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48.

References

https://spring.io/security/cve-2026-41845