Disk Space Consumption Vulnerability in Spring WebFlux Server Applications
CVE-2026-22740

NONE

Key Information:

Vendor: Vmware
Status: Spring Framework
Vendor: CVE Published:; 29 April 2026

What is CVE-2026-22740?

A vulnerability exists in Spring WebFlux server applications handling multipart requests, where temporary files may not be deleted after processing larger parts. This failure to remove temp files can be exploited to consume excessive disk space, potentially leading to service disruption and denial of service. This issue affects both supported and older, unsupported versions, highlighting the importance of regular updates and monitoring of system resources.

Affected Version(s)

Spring Framework 7.0.0

Spring Framework 7.0.0 < 7.0.7

Spring Framework 6.2.0 < 6.2.18

References

https://spring.io/security/cve-2026-22740

https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vect...

CVSS V3.1

Score:

Severity:

NONE

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 29, 2026
Vulnerability Reserved
Jan 9, 2026

CVE-2026-22740 Data

JSON

Vmware

What is CVE-2026-22740?

Affected Version(s)

References

CVSS V3.1

Timeline