Spring Boot Security Update Patches Critical Authentication Bypass and RCE Flaws

DEV Community·BeyondMachines·about 1 month ago

Summary

Spring Boot reports three vulnerabilities, including a critical authentication bypass (CVE-2026-40976) and flaws allowing session hijacking or remote code execution via timing attacks.

Take Action:

If you use Spring Boot, upgrade as soon as possible to a patched version (4.0.6, 3.5.14, 3.4.16, 3.3.19, or 2.7.33). Until you have patched, restrict access to your applications to trusted networks only and disable DevTools and Actuator endpoints in production.
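
To find which deployments still need the upgrade, the sketch below checks jar names or Maven coordinates against the patched versions listed above. It is an added example, not code from BeyondMachines or the Spring project; the names `classify` and `audit`, the status labels, and the sample lines are assumptions made for illustration.

```python
import re

# Patched release per maintenance line, taken from the advisory text above.
PATCHED = {(4, 0): 6, (3, 5): 14, (3, 4): 16, (3, 3): 19, (2, 7): 33}

# Matches the core artifact only, e.g. "spring-boot-3.5.13.jar" or
# "org.springframework.boot:spring-boot:jar:3.4.16:compile".
# Starters, devtools and actuator jars are deliberately not matched.
_ARTIFACT = re.compile(
    r"(?<![\w-])spring-boot[-:](?:jar:)?(\d+)\.(\d+)\.(\d+)(-[A-Za-z][A-Za-z0-9]*)?"
)

def classify(line):
    """Return (version, status) for a line naming the spring-boot artifact, else None."""
    m = _ARTIFACT.search(line)
    if m is None:
        return None
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    suffix = m.group(4) or ""  # "-SNAPSHOT", "-RC1", ... precede the final release
    fixed = PATCHED.get((major, minor))
    if fixed is None:
        # The advisory names no fixed release for this line; do not guess.
        status = "no-fix-listed"
    elif patch > fixed or (patch == fixed and not suffix):
        status = "patched"
    else:
        status = "upgrade"
    return f"{major}.{minor}.{patch}{suffix}", status

def audit(lines):
    """Return {version: status} for every spring-boot artifact not confirmed patched."""
    findings = {}
    for line in lines:
        result = classify(line)
        if result and result[1] != "patched":
            findings[result[0]] = result[1]
    return findings

# Constructed sample input (jar listing and dependency lines), not real scan output.
SAMPLE = [
    "BOOT-INF/lib/spring-boot-3.5.13.jar",
    "BOOT-INF/lib/spring-boot-starter-web-3.5.13.jar",
    "org.springframework.boot:spring-boot:jar:3.4.16:compile",
    "lib/spring-boot-4.0.6-SNAPSHOT.jar",
    "lib/spring-boot-3.2.12.jar",
]

if __name__ == "__main__":
    for version, status in audit(SAMPLE).items():
        print(f"{version}: {status}")
```

Feed it the output of a jar listing or a dependency report, one entry per line. A `no-fix-listed` result means the advisory names no patched release for that maintenance line, so the version needs a manual decision.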




This article was originally published on BeyondMachines
