Home
HIGH: 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:LDefault status
unaffected
7.0.0 (custom) before 7.0.5
affected
6.5.0 (custom) before 6.5.9
affected
6.4.0 (custom) before 6.4.12
affected
6.3.0 (custom) before 6.3.15
affected
5.5.0 (custom) before 5.5.21
affected
Description
A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory) with attacker-controlled content. Affected versions: Spring Integration 7.0.0 through 7.0.4; 6.5.0 through 6.5.8; 6.4.0 through 6.4.11; 6.3.0 through 6.3.14; 5.5.0 through 5.5.20.
Problem types
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
Product status
7.0.0 (custom) before 7.0.5
6.5.0 (custom) before 6.5.9
6.4.0 (custom) before 6.4.12
6.3.0 (custom) before 6.3.15
5.5.0 (custom) before 5.5.21
References
spring.io/security/cve-2026-40987