CVE-2026-40975 — AI Deep Analysis Summary

🚨 **Vulnerability Essence**: Using `${random.value}`, `${random.int}`, `${random.long}` to generate **keys**. ⚠️ **Consequence**: Keys are predictable → **risk of leakage**.…

🔍 **Root Cause**: - Use of **weak pseudo-random number generator** (weak PRNG). - Injected via **random value property source**. - ❌ `${random.value}` / `${random.int}` / `${random.long}` are unsuitable for keys.…

📦 **Affected Versions**: - Spring Boot **4.0.0–4.0.5** (fixed in 4.0.6) - **3.5.0–3.5.13** (fixed in 3.5.14) - **3.4.0–3.4.15** (fixed in 3.4.16) - **3.3.0–3.3.18** (fixed in 3.3.19) - **2.7.0–2.7.32** (fixed i…

🕵️ **Attacker Capabilities**: - No special privileges required 🚪❌. - Can **predict keys** → access sensitive data 🗝️➡️📂. - May impersonate legitimate users or decrypt communications 🔓.

🎯 **Exploitation Threshold**: - **Low** ✅! - 🚫 No authentication needed. - Only requires the application to use weak random values as keys 🧪.

🔬 **Existing Exploit**: - ❌ No PoC available 📭. - ❌ No in-the-wild exploitation reports 📉. - But the principle is simple ➡️ easy to construct an attack 🧩.

🧰 **Self-Check Method**: - 🔎 Check configuration files/code for use of: - `${random.value}` - `${random.int}` - `${random.long}` to generate keys 🗝️.…

🛠️ **Official Fix**: - ✅ Fixed versions released: - 4.0.6, 3.5.14, 3.4.16, 3.3.19, 2.7.33 🎯. - 📢 Announcement at [spring.io/security/cve-2026-40975](https://spring.io/security/cve-2026-40975).

⏳ **When No Patch Available**: - 🚫 Disable `${random.value}` / `${random.int}` / `${random.long}` for key generation. - 💡 Switch to `${random.uuid}` or system secure random API 🔐.…

⏰ **Priority**: - 🟠 **Medium~High**! - CVSS: **Low/Impact** 🔻. - Easy to exploit + risk of key leakage 🚨. - Recommend **immediate investigation & upgrade** 🚀.