CVE-2026-40987 - CERT CVE

  1. CVE-2026-40987

ID CVE-2026-40987
Sažetak A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory) with attacker-controlled content. Affected versions: Spring Integration 7.0.0 through 7.0.4; 6.5.0 through 6.5.8; 6.4.0 through 6.4.11; 6.3.0 through 6.3.14; 5.5.0 through 5.5.20.
Reference
CVSS
Base: 7.1
Impact: 5.3
Exploitability:1.3
Pristup
VektorSloženostAutentikacija
NETWORK HIGH LOW
Impact
PovjerljivostCjelovitostDostupnost
LOW HIGH LOW
CVSS vektor CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L
Zadnje važnije ažuriranje 11-06-2026 - 15:21
Objavljeno 11-06-2026 - 07:16