What is CVE-2026-44242?

CVE-2026-44242 is a low-severity vulnerability in Micronaut-projects Micronaut-core, classified under Uncontrolled Resource Consumption. CVSS score: 3.7/10. Published 2026-05-12.

How severe is CVE-2026-44242?

Low severity. CVSS v3 base score is 3.7 out of 10.

Resource exhaustion in Micronaut-projects Micronaut-core

CVE-2026-44242

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Prior to 4.10.22, the bundleCache is keyed by (Locale, baseName) where the locale originates from the HTTP Accept…

Vulnerability class: DoS (Denial of Service)

EPSS: 0.000 (15.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

Micronaut-projects Micronaut-core — versions < 4.10.22

Weakness classification (CWE)

CWE-400 — Uncontrolled Resource Consumption

References

security-advisories@github.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2026-44242?: CVE-2026-44242 is a low-severity vulnerability in Micronaut-projects Micronaut-core, classified under Uncontrolled Resource Consumption. CVSS score: 3.7/10. Published 2026-05-12.
How severe is CVE-2026-44242?: Low severity. CVSS v3 base score is 3.7 out of 10.