CVE-2026-41849

HIGH NVD

CVSS Score 7.5

Severity HIGH

Published Jun 09, 2026

Vendor unknown

Description

An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service (DoS). Affected versions: Spring Framework 5.3.0 through 5.3.48.

References

https://spring.io/security/cve-2026-41849