What is CVE-2026-40997?

CVE-2026-40997 is a medium-severity vulnerability, classified under Generation of Error Message Containing Sensitive Information. CVSS score: 5.3/10. Published 2026-06-11.

How severe is CVE-2026-40997?

Medium severity. CVSS v3 base score is 5.3 out of 10.

CVE-2026-40997

CVE-2026-40997

Several Spring WS integration paths with Spring Security could surface detailed account state (for example locked or disabled user semantics) to remote SOAP clients through exception messages or callback outcomes, instead of failing with g…

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Weakness classification (CWE)

CWE-209 — Generation of Error Message Containing Sensitive Information

References

security@vmware.com

Frequently asked questions

What is CVE-2026-40997?: CVE-2026-40997 is a medium-severity vulnerability, classified under Generation of Error Message Containing Sensitive Information. CVSS score: 5.3/10. Published 2026-06-11.
How severe is CVE-2026-40997?: Medium severity. CVSS v3 base score is 5.3 out of 10.