Thymeleaf Org.Thymeleaf Thymeleaf-Spring5 vulnerabilities
2 known vulnerabilities affecting thymeleaf/org.thymeleaf_thymeleaf-spring5.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 2
Vulnerabilities
CVE-2026-40477 | CRITICAL | CVSS 9.0 | CWE-917 | fixed in 3.1.4.RELEASE | 2026-04-17
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly restrict the scope of accessible objects, allowing speci
nvd, redhat
CVE-2026-40478 | CRITICAL | CVSS 9.0 | CWE-917 | fixed in 3.1.4.RELEASE | 2026-04-17
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly neutralize specific syntax patterns that allow for t
nvd, redhat