CVE-2026-22737
Status: Received - Intake
Information Disclosure via Java Scripting in Spring Framework Templates

Publication date: 2026-03-20

Last updated on: 2026-04-23

Assigner: VMware

Description
Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.
Meta Information
Published: 2026-03-20
Last Modified: 2026-04-23
Generated: 2026-05-07
AI Q&A: 2026-03-20
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
4 associated CPEs:

Vendor   Product           Version / Range
vmware   spring_framework  up to 5.3.47 (exc)
vmware   spring_framework  from 6.1.0 (inc) to 6.1.26 (exc)
vmware   spring_framework  from 6.2.0 (inc) to 6.2.17 (exc)
vmware   spring_framework  from 7.0.0 (inc) to 7.0.6 (exc)
CWE
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-22737 is a medium-severity vulnerability in the Spring Framework that affects versions 5.3.0 to 5.3.46, 6.1.0 to 6.1.25, 6.2.0 to 6.2.16, and 7.0.0 to 7.0.5. It occurs when Java scripting engines like JRuby or Jython are enabled for template views in Spring MVC and Spring WebFlux applications.

The issue arises if the application has a mapping for the path pattern '/**' that leads to view rendering without explicitly specifying the view name. This causes improper path limitation, allowing disclosure of content from files outside the configured script template view locations.

In other words, sensitive files outside the intended directories can be accessed and exposed due to this flaw. [1]


How can this vulnerability impact me?

This vulnerability can lead to unauthorized disclosure of sensitive information stored in files outside the intended script template view locations.

An attacker could exploit this flaw remotely over the network without requiring any privileges or user interaction.

The impact is primarily on confidentiality, as sensitive data could be exposed, but it does not affect integrity or availability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate CVE-2026-22737, you should upgrade your Spring Framework to the fixed versions.

  • Upgrade to version 7.0.6 if you are using the 7.0.x branch.
  • Upgrade to version 6.2.17 if you are using the 6.2.x branch.
  • Upgrade to version 6.1.26 if you are using the 6.1.x branch (commercial).
  • Upgrade to version 5.3.47 if you are using the 5.3.x branch (commercial).

No additional mitigation steps are necessary beyond upgrading.

