Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-04-27T23:29:51 Spring Boot: Spring Boot: Arbitrary Code Execution and Session Hijacking via predictable temporary directory 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CWE-341

A flaw was found in Spring Boot. A local attacker on the same host as the application may be able to take control of the `ApplicationTemp` directory due to predictable temporary directory handling. When the `server.servlet.session.persistent` setting is enabled and the attack persists across application restarts, this could allow the attacker to read session information, hijack authenticated user sessions, or execute arbitrary code as the application's user.

To mitigate this issue, ensure that the `server.servlet.session.persistent` property is set to `false` in your Spring Boot application's configuration. This prevents session information from being written to the predictable temporary directory, thereby removing the conditions necessary for exploitation. Disabling persistent sessions may affect application behavior that relies on session data surviving restarts. Red Hat AMQ Broker 7 Not affected spring-boot Red Hat AMQ Clients Not affected spring-boot Red Hat build of Apache Camel for Spring Boot 4 Affected spring-boot Red Hat build of Apache Camel - HawtIO 4 Affected spring-boot Red Hat build of OptaPlanner 8 Affected spring-boot Red Hat Data Grid 8 Not affected spring-boot Red Hat Enterprise Linux 8 Not affected log4j:2/log4j Red Hat Enterprise Linux 9 Not affected log4j Red Hat Fuse 7 Affected spring-boot Red Hat JBoss Enterprise Application Platform 7 Affected spring-boot Red Hat JBoss Enterprise Application Platform 8 Affected spring-boot Red Hat JBoss Enterprise Application Platform Expansion Pack Affected spring-boot Red Hat OpenShift Dev Spaces Affected devspaces/openvsx-rhel9 Red Hat OpenShift Dev Spaces Affected devspaces/pluginregistry-rhel9 Red Hat Process Automation 7 Affected spring-boot Red Hat Single Sign-On 7 Affected spring-boot https://www.cve.org/CVERecord?id=CVE-2026-40973 https://nvd.nist.gov/vuln/detail/CVE-2026-40973 https://spring.io/security/cve-2026-40973