CVE-2026-22741

*** Pendiente de traducción *** Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources.<br /> <br /> <br /> More precisely, an application can be vulnerable when all the following are true:<br /> <br /> * the application is using Spring MVC or Spring WebFlux<br /> * the application is configuring the  resource chain support https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-config/static-resources.html#page-title  with caching enabled<br /> * the application adds support for encoded resources resolution<br /> * the resource cache must be empty when the attacker has access to the application<br /> <br /> <br /> When all the conditions above are met, the attacker can send malicious requests and poison the resource cache with resources using the wrong encoding. This can cause a denial of service by breaking the front-end application for clients.