What is CVE-2026-41715?

CVE-2026-41715 is a medium-severity vulnerability, classified under Insufficiently Protected Credentials. CVSS score: 6.1/10. Published 2026-06-09.

How severe is CVE-2026-41715?

Medium severity. CVSS v3 base score is 6.1 out of 10.

CVE-2026-41715

CVE-2026-41715

In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects…

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Weakness classification (CWE)

CWE-522 — Insufficiently Protected Credentials

References

security@vmware.com

Frequently asked questions

What is CVE-2026-41715?: CVE-2026-41715 is a medium-severity vulnerability, classified under Insufficiently Protected Credentials. CVSS score: 6.1/10. Published 2026-06-09.
How severe is CVE-2026-41715?: Medium severity. CVSS v3 base score is 6.1 out of 10.