CVE
CVE-2026-22741
| CVE ID |
CVE-2026-22741
|
|---|---|
| CVSS Score |
3.1
|
| Operating System | |
| Affected Versions |
Spring Framework
|
| Patched Versions |
6.1.28-OL
|
| Patch Date |
|
| Last Updated Date | |
| Vector String |
Additional Information
OL CVE Issue Summary:
Fixed inconsistent resolution of accepted encodings across resource resolvers in Spring WebMVC and Spring WebFlux. Different resolver implementations were independently reading accepted codings from the HTTP request, which could lead to resolution errors and desynchronization between EncodedResourceResolver and CachingResourceResolver. A shared resolution method has been introduced in EncodedResourceResolver (both Servlet and Reactive) to ensure consistent and secure encoding negotiation.