Local Directory Vulnerability in Spring Boot Products
CVE-2026-40973

7HIGH

Key Information:

Vendor: Spring
Status: Spring Boot
Vendor: CVE Published:; 27 April 2026

What is CVE-2026-40973?

A vulnerability exists in Spring Boot where a local attacker on the same host can gain control over the directory utilized by 'ApplicationTemp'. When the 'server.servlet.session.persistent' configuration is activated, the attacker may exploit this flaw to maintain access across application restarts. This could enable unauthorized reading of session information and ultimately lead to the hijacking of authenticated user sessions, or the execution of arbitrary code as the application's user through the deployment of a gadget chain.

Affected Version(s)

Spring Boot 4.0.0 < 4.0.6

Spring Boot 3.5.0 < 3.5.14

Spring Boot 3.4.0 < 3.4.16

References

https://spring.io/security/cve-2026-40973

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 27, 2026
Vulnerability Reserved
Apr 16, 2026

CVE-2026-40973 Data

JSON