Thymeleaf Org.thymeleaf:thymeleaf-spring5
2 CVEs affecting Thymeleaf Org.thymeleaf:thymeleaf-spring5. Latest disclosed: 2026-04-17. Critical: 2, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-40478 | Critical | 9.1 | 2026-04-17 | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability i… |
CVE-2026-40477 | Critical | 9.1 | 2026-04-17 | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability i… |