Multiple Critical Vulnerabilities Discovered in Spring Framework Enabling Privilege Escalation and DoS Attacks

Multiple vulnerabilities were discovered in Spring on 28 April 2026, as reported by CERT-FR. These flaws enable attackers to achieve privilege escalation, remote denial-of-service (DoS), and data confidentiality breaches. The notice specifies no CVE identifiers, technical versions, or affected components beyond the Spring framework. The impacts include unauthorized access elevation, service disruption, and exposure of sensitive information. No additional details on exploitation methods or mitigation steps are provided in the advisory.