2.6
Spring Server-Sent Events Can Corrupt Data Streams
CVE-2026-22735
Summary
Some Spring applications may experience data corruption when using a feature called Server-Sent Events. This can happen if you're using certain versions of the Spring Framework. To fix this, update to a non-affected version of the framework or apply a patch if available.
Original title
Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.1...
Original description
Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46.
NVD CVSS 3.1: 2.6
Published: 20 Mar 2026 · Updated: 20 Mar 2026 · First seen: 20 Mar 2026