CVE-2026-40986 | Vmware Spring Web Flow up to 2.5.1/3.0.1/4.0.0 cross site scripting

A vulnerability marked as problematic has been reported in Vmware Spring Web Flow up to 2.5.1/3.0.1/4.0.0. Impacted is an unknown function. Performing a manipulation results in cross site scripting.

This vulnerability was named CVE-2026-40986. The attack may be initiated remotely. There is no available exploit.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More