Description
A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may not be deleted after the request is fully processed. This allows an attacker to consume available disk space.

Older, unsupported versions are also affected.
Published: 2026-04-29
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A Spring WebFlux application that handles multipart requests creates temporary files for parts larger than 10 KB. In certain circumstances those temp files are not removed after the request completes, allowing an attacker to deliberately consume all available disk space. This vulnerability corresponds to CWE‑400 and results in a denial‑of‑service condition by exhausting storage resources.

Affected Systems

The affected product is VMware Spring Framework. Older, unsupported versions are also vulnerable, though specific version numbers are not listed in the advisory.

Risk and Exploitability

The likely attack vector is a network‑based HTTP multipart request; the CVSS vector (AV:N/AC:L/PR:L) indicates that low privileges are required. The CVSS score of 6.5 indicates moderate severity. Because the EPSS score is less than 1% and the vulnerability is not listed in the CISA KEV catalog, the likelihood of exploitation appears low, but an attacker could repeatedly submit multipart payloads that leave residual temp files and consume disk space, causing a denial‑of‑service. The lack of automatic cleanup provides a straightforward attack path that does not require privileged access, making it a risk for any publicly accessible WebFlux service.

Generated by OpenCVE AI on April 29, 2026 at 17:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Spring Framework patch that ensures temporary multipart files are deleted after processing.
  • Upgrade to a supported, non‑vulnerable release of Spring Framework.
  • Configure the application to limit or deny multipart requests exceeding a safe size threshold, or suppress temp file creation for large parts.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 15:15:00 +0000

Type | Values Removed | Values Added
Metrics |  | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 29 Apr 2026 14:45:00 +0000

Type | Values Removed | Values Added
Metrics | cvssV3_1 {'score': 0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N'} | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}


Wed, 29 Apr 2026 12:45:00 +0000

Type | Values Removed | Values Added
First Time appeared |  | Vmware; Vmware spring Framework
Vendors & Products |  | Vmware; Vmware spring Framework

Wed, 29 Apr 2026 11:30:00 +0000

Type | Values Removed | Values Added
Description |  | A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume available disk space. Older, unsupported versions are also affected.
Title |  | Spring Framework DoS with Multipart Temp Files in WebFlux
Weaknesses |  | CWE-400
References |  |
Metrics |  | cvssV3_1 {'score': 0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2026-04-29T14:00:50.573Z

Reserved: 2026-01-09T06:54:49.675Z

Link: CVE-2026-22740

Vulnrichment

Updated: 2026-04-29T11:56:11.419Z

NVD

Status: Received

Published: 2026-04-29T12:16:18.333

Modified: 2026-04-29T15:16:05.027

Link: CVE-2026-22740

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-29T17:15:16Z

Weaknesses