What is CVE-2026-41839?

CVE-2026-41839 is a medium-severity vulnerability, classified under Session Fixation. CVSS score: 4.2/10. Published 2026-06-09.

How severe is CVE-2026-41839?

Medium severity. CVSS v3 base score is 4.2 out of 10.

CVE-2026-41839

CVE-2026-41839

A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring…

CVSS v3 metric

CVSS v3 base score 4.2 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N.

Weakness classification (CWE)

CWE-384 — Session Fixation

References

security@vmware.com

Frequently asked questions

What is CVE-2026-41839?: CVE-2026-41839 is a medium-severity vulnerability, classified under Session Fixation. CVSS score: 4.2/10. Published 2026-06-09.
How severe is CVE-2026-41839?: Medium severity. CVSS v3 base score is 4.2 out of 10.