Spring Product Security Update Advisory (CVE-2026-40968)
Security updates have been released for vulnerabilities in Spring products. the target is Spring gRPC versions 1.0.0 through 1.0.2 and earlier. the vulnerability is CVE-2026-40968, which is a request-to-request SecurityContext (a security state that holds authentication and authorization information) leak in Spring gRPC. the vulnerability occurs in the context of
