CVE-2026-22737

Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://spring.io/security/cve-2026-22737	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:spring_framework::::::::
	cpe:2.3:a:vmware:spring_framework::::::::
	cpe:2.3:a:vmware:spring_framework::::::::
	cpe:2.3:a:vmware:spring_framework::::::::

History

23 Apr 2026, 14:20

Type	Values Removed	Values Added
References	~~() https://spring.io/security/cve-2026-22737 -~~	() https://spring.io/security/cve-2026-22737 - Vendor Advisory
First Time		Vmware spring Framework Vmware
CPE		cpe:2.3:a:vmware:spring_framework::::::::
Summary		(es) El uso de vistas de plantilla con motor de scripting de Java habilitado (p. ej., JRuby, Jython) en aplicaciones Spring MVC y Spring WebFlux puede resultar en la divulgación de contenido de archivos fuera de las ubicaciones configuradas para las vistas de plantilla de script. Este problema afecta a Spring framework: de 7.0.0 a 7.0.5, de 6.2.0 a 6.2.16, de 6.1.0 a 6.1.25, de 5.3.0 a 5.3.46.

20 Mar 2026, 15:16

Type	Values Removed	Values Added
CWE		CWE-22

20 Mar 2026, 00:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-20 00:16

Updated : 2026-04-23 14:20

NVD link : CVE-2026-22737

Mitre link : CVE-2026-22737

CVE.ORG link : CVE-2026-22737

JSON object : View

Products Affected

vmware

spring_framework

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2026-22737", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@vmware.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2026-03-20T00:16:15.837", "references": [{"url": "https://spring.io/security/cve-2026-22737", "tags": ["Vendor Advisory"], "source": "security@vmware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views.\u00a0This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46."}, {"lang": "es", "value": "El uso de vistas de plantilla con motor de scripting de Java habilitado (p. ej., JRuby, Jython) en aplicaciones Spring MVC y Spring WebFlux puede resultar en la divulgaci\u00f3n de contenido de archivos fuera de las ubicaciones configuradas para las vistas de plantilla de script. Este problema afecta a Spring framework: de 7.0.0 a 7.0.5, de 6.2.0 a 6.2.16, de 6.1.0 a 6.1.25, de 5.3.0 a 5.3.46."}], "lastModified": "2026-04-23T14:20:14.110", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4FC0718-4A47-49D5-B623-285871B5135F", "versionEndExcluding": "5.3.47"}, {"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08D94F4A-EDD9-4CA2-836A-D61B17A4E894", "versionEndExcluding": "6.1.26", "versionStartIncluding": "6.1.0"}, {"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1168AB82-987E-473E-8485-DE606AF254EB", "versionEndExcluding": "6.2.17", "versionStartIncluding": "6.2.0"}, {"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1CA275C7-33A7-49A2-ADE8-0ABF81E00327", "versionEndExcluding": "7.0.6", "versionStartIncluding": "7.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@vmware.com"}