CVE-2026-40478 - Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf
CVE ID :CVE-2026-40478 Published : April 17, 2026, 10:16 p.m. | 24 minutes ago Description :Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the the expression execution mechanisms.
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Need suggestion
- [CYBER] Agentes IA que pasan tus tests. Ese es el problema.
- [CYBER] CVE-2026-6571 - kodcloud KodExplorer systemRole.class.php roleGroupAction authorization
- [CYBER] CVE-2026-6570 - kodcloud KodExplorer systemMember.class.php initInstall authorization
- [CYBER] CVE-2026-6572 - Collabora KodExplorer fileUpload Endpoint share.class.php improper authorization
- [CYBER] Impac Mortgage Holdings Reports Two-Year-Old Data Breach Affecting Over 19,000 Individuals