
Thymeleaf SSTI Bypass Enables Expression Injection in Spring Java Apps

Tags: open-source-dependency-vulnerability, internet-facing-service-vulnerability, widely-deployed-product-advisory
Updated April 29, 2026 at 06:01 PM. 3 sources

A critical flaw tracked as CVE-2026-40478 allows attackers to bypass Thymeleaf’s expression-injection protections and achieve server-side template injection (SSTI) in applications that pass unvalidated user input into the template engine. The vulnerability affects Thymeleaf 3.1.3.RELEASE and earlier and stems from improper neutralization of syntax patterns in expression execution, including a whitespace parsing mismatch that let attackers evade detection of the SpEL new keyword and an incomplete type blocklist that still allowed dangerous class instantiation. The issue is mapped to CWE-917 and CWE-1336, with a published CVSS v3.1 vector of AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H.

Researchers said successful exploitation can enable arbitrary file writes and potentially remote code execution in Spring-based Java applications, where Thymeleaf is commonly used as the default template engine in Spring Boot. The flaw can be exploited remotely without authentication when attacker-controlled input reaches Thymeleaf expression parsing, view names, or fragment selectors. The issue is addressed in 3.1.4.RELEASE, which normalizes whitespace before checks, expands external-access detection, restricts dangerous expression objects, and tightens type restrictions; defenders are urged to upgrade thymeleaf, thymeleaf-spring5, and thymeleaf-spring6 and review applications to ensure untrusted input is never interpreted as template expressions.
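The first defender action the advisory names is confirming which Thymeleaf artifacts a build actually resolves. The script below is an added example, not code from Thymeleaf or Mallory: it scans constructed `mvn dependency:list` output (the `group:artifact:packaging:version:scope` line format is assumed) and flags the three artifacts the advisory says to upgrade when their version is below 3.1.4.RELEASE.

```python
import re

# Fixed release named in the advisory; anything earlier is affected.
FIXED_VERSION = "3.1.4.RELEASE"
# The artifacts the advisory tells defenders to upgrade.
AFFECTED_ARTIFACTS = {"thymeleaf", "thymeleaf-spring5", "thymeleaf-spring6"}

# Matches the "groupId:artifactId:packaging:version[:scope]" lines that
# `mvn dependency:list` prints (assumed format for this example).
DEP_LINE = re.compile(
    r"^\s*(?:\[INFO\]\s+)?(?P<group>[\w.-]+):(?P<artifact>[\w.-]+):"
    r"(?P<packaging>\w+):(?P<version>[\w.-]+)(?::(?P<scope>\w+))?\s*$"
)


def version_key(version: str) -> tuple:
    """Turn '3.1.3.RELEASE' into a tuple of its numeric parts, e.g. (3, 1, 3).

    Qualifiers such as RELEASE or SNAPSHOT are ignored, so this is a
    simplification of Maven's ordering: a 3.1.4 pre-release would not be
    flagged. Good enough to separate 3.1.3.RELEASE from 3.1.4.RELEASE.
    """
    return tuple(int(part) for part in version.split(".") if part.isdigit())


def is_vulnerable(artifact: str, version: str) -> bool:
    """True for an advisory-listed artifact older than the fixed release."""
    return artifact in AFFECTED_ARTIFACTS and version_key(version) < version_key(FIXED_VERSION)


def find_vulnerable_thymeleaf(dependency_list: str) -> list:
    """Return (artifact, version) pairs from org.thymeleaf that need upgrading."""
    findings = []
    for line in dependency_list.splitlines():
        m = DEP_LINE.match(line)
        # Only the org.thymeleaf group is in scope; org.thymeleaf.extras is not.
        if not m or m.group("group") != "org.thymeleaf":
            continue
        if is_vulnerable(m.group("artifact"), m.group("version")):
            findings.append((m.group("artifact"), m.group("version")))
    return findings


# Constructed sample output; the versions are illustrative, not from a real build.
SAMPLE_DEPENDENCY_LIST = """\
[INFO] The following files have been resolved:
[INFO]    org.springframework.boot:spring-boot-starter-thymeleaf:jar:3.2.4:compile
[INFO]    org.thymeleaf:thymeleaf:jar:3.1.3.RELEASE:compile
[INFO]    org.thymeleaf:thymeleaf-spring6:jar:3.1.3.RELEASE:compile
[INFO]    org.thymeleaf.extras:thymeleaf-extras-springsecurity6:jar:3.1.2.RELEASE:compile
[INFO]    org.attoparser:attoparser:jar:2.0.7.RELEASE:compile
"""

if __name__ == "__main__":
    for artifact, version in find_vulnerable_thymeleaf(SAMPLE_DEPENDENCY_LIST):
        print(f"upgrade org.thymeleaf:{artifact} {version} -> {FIXED_VERSION}")
```

Run it against real output with `mvn dependency:list | python3 scan.py` after swapping the constant for `sys.stdin.read()`; a clean scan still leaves the advisory's second step, reviewing where untrusted input reaches view names, fragment selectors, or expressions.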

Timeline

  1. Apr 17, 2026

    CVE-2026-40478 is published for Thymeleaf expression injection bypass

    A CVE was published for a security bypass in Thymeleaf 3.1.3.RELEASE and earlier that can let an unauthenticated remote attacker achieve server-side template injection when applications pass unvalidated user input into template expressions. The issue was mapped to CWE-917 and CWE-1336 and referenced GitHub Security Advisory GHSA-xjw8-8c5c-9r79.

  2. Apr 16, 2026

    Thymeleaf fixes SSTI sandbox bypass in version 3.1.4.RELEASE

    Thymeleaf addressed CVE-2026-40478 in version 3.1.4.RELEASE, fixing expression-sandbox bypasses caused by whitespace parsing mismatches and insufficient type restrictions. The update normalized whitespace before checks, expanded external-access detection, restricted dangerous expression objects, and tightened type restrictions.

Related Stories

Spring Security Flaw Leaves HTTP Security Headers Unwritten

Spring disclosed **`CVE-2026-22732`**, a vulnerability in **Spring Security** in which HTTP security headers may not be written under certain conditions, weakening browser-side protections that applications rely on to reduce exposure to client-side attacks. The issue affects the framework’s handling of response headers, creating a risk that expected defenses are absent even when developers believe they are enabled. Belgium’s **CCB Safeonweb** warned that the flaw can enable **multiple types of client-side attacks** and urged organizations to **patch immediately**. The combined advisories indicate that teams using Spring Security should review affected versions, apply vendor fixes, and verify that critical response headers are being sent correctly to browsers after remediation.

1 month ago
Spring fixes TLS hostname verification flaws and DevTools timing attack issue

Spring published advisories for four vulnerabilities affecting its ecosystem, including three flaws in auto-configuration for **Elasticsearch**, **Cassandra**, and **RabbitMQ** that can disable TLS hostname verification when an SSL bundle is used. The issues are tracked as `CVE-2026-40970`, `CVE-2026-40974`, and `CVE-2026-40971`, respectively, and could weaken certificate validation for connections to those backend services. A fourth advisory, `CVE-2026-40972`, affects **Spring DevTools** and states that remote secret comparison is vulnerable to timing attacks. Together, the disclosures highlight risks in both transport security and authentication-related logic, with the TLS-related bugs potentially exposing applications to man-in-the-middle scenarios and the DevTools issue creating an avenue for attackers to infer secrets through response timing differences.

1 week ago
Spring discloses Spring AI injection flaw and Spring gRPC security context issues

Spring published three security advisories covering **Spring AI** and **Spring gRPC**, including `CVE-2026-40967`, a flaw in VectorStore `FilterExpressionConverter` implementations that can let attackers manipulate generated vector store queries because keys and values are not properly escaped. The issue affects Spring AI versions `1.0.0` through `1.0.5` and `1.1.0` through `1.1.4`, and is fixed in `1.0.6` and `1.1.5`. External vulnerability tracking describes the bug as a high-severity code or query injection risk with CVSS `AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L` and maps it to `CWE-94`. Spring also disclosed two **Spring gRPC** vulnerabilities: `CVE-2026-40968`, in which `SecurityContext` data can leak across requests after an authorization failure, and `CVE-2026-40969`, where an `AuthenticationException` message may be reflected back to a remote client. Together, the advisories point to risks of query manipulation, cross-request security context exposure, and unintended error-message disclosure in applications built on affected Spring components.

1 week ago