Insecure Temporary File in Spring Boot - CVE-2026-41001
Published: June 11, 2026
Vulnerability identifier: #VU134321
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-41001
CWE-ID: CWE-377
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Spring
Affected software:
Spring Boot
Spring Boot
Detailed vulnerability description
The vulnerability allows a local user to tamper with message queue data, inject malicious messages, or potentially execute code.
The vulnerability exists due to insecure temporary file usage in ArtemisEmbeddedConfigurationFactory when initializing the embedded Artemis message broker without an explicit data directory path. A local user can pre-create the predictable directory or place a symlink before the application starts to tamper with message queue data, inject malicious messages, or potentially execute code.
Exploitation requires the application to use the embedded Artemis message broker with no explicit data directory configured.
How to mitigate CVE-2026-41001
Install security update from vendor's website.