CVE-2026-40972 | Vmware Spring Boot up to 4.0.5 DevTools timing discrepancy

A vulnerability was found in Vmware Spring Boot up to 2.7.32/3.3.18/3.4.15/3.5.13/4.0.5 and classified as problematic. Affected by this issue is some unknown functionality of the component DevTools. Such manipulation leads to observable timing discrepancy.

This vulnerability is listed as CVE-2026-40972. The attack must be carried out from within the local network. There is no available exploit.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More