- Security updates have been released for vulnerabilities in Spring products.
- The affected product is Spring gRPC, versions 1.0.0 through 1.0.2 and earlier.
- The vulnerability is CVE-2026-40968, a request-to-request leak of the SecurityContext (the security state that holds authentication and authorization information) in Spring gRPC.
- The vulnerability occurs in the context of an authorization failure.
- The fixed version is 1.0.3.
- Users of affected products should update to the latest patched version by following the instructions on the reference site.