What is CVE-2026-22735?

CVE-2026-22735 is a low-severity vulnerability in Spring Foundation. CVSS score: 2.6/10. Published 2026-03-19.

How severe is CVE-2026-22735?

Low severity. CVSS v3 base score is 2.6 out of 10.

Vulnerability in Spring Foundation

CVE-2026-22735

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 t…

EPSS: 0.001 (25.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.6 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N.

Affected products

Spring Foundation — versions 7.0.0, 6.2.0, 6.1.0

References

spring.io/security/cve-2026-22735

Frequently asked questions

What is CVE-2026-22735?: CVE-2026-22735 is a low-severity vulnerability in Spring Foundation. CVSS score: 2.6/10. Published 2026-03-19.
How severe is CVE-2026-22735?: Low severity. CVSS v3 base score is 2.6 out of 10.