All 8 CVE vulnerabilities found in Spring Web Services, with AI-generated Chinese analysis, references, and POCs.
Vendor: Spring
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41000 | WSS4J validation does not use configured replay cache CWE-294 | 3.7 | Low | 2026-06-11 |
| CVE-2026-40999 | Spring WS SSRF via unvalidated WS-Addressing reply destinations CWE-918 | 8.6 | High | 2026-06-11 |
| CVE-2026-40998 | Jaxp13 XPath XXE via StreamSource and SAXSource CWE-611 | 8.2 | High | 2026-06-11 |
| CVE-2026-40997 | SOAP security faults leak Spring Security account state CWE-209 | 5.3 | Medium | 2026-06-11 |
| CVE-2026-40996 | Inbound WS-Security allows RSA PKCS#1 v1.5 key transport by default CWE-327 | 4.8 | Medium | 2026-06-11 |
| CVE-2026-40995 | X.509 authentication bypasses Spring Security account checks CWE-287 | 5.4 | Medium | 2026-06-11 |
| CVE-2026-40994 | Wss4jSecurityInterceptor disables WS-I BSP validation by default CWE-1188 | 8.2 | High | 2026-06-11 |
| CVE-2019-3773 | Spring Web Services XML External Entity Injection (XXE) CWE-611 | 9.8 | - | 2019-01-18 |
All 8 known CVE vulnerabilities affecting Spring Web Services with full Chinese analysis, references, and POCs where available.