Information disclosure in Vaadin Flow
CVE-2026-7860
A possible information disclosure vulnerability exists in the Vaadin Maven plugin and Vaadin Gradle plugin that exposes the full set of environment variables in build logs whenever the frontend build process exits with a non-zero status. B…
EPSS: 0.000 (3.8th percentile) — read the EPSS interpretation.
Affected products
- Vaadin Flow — versions 25.1.0, 23.0.0, 24.10.0