{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41715", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2026-04-22T06:21:37.020Z", "datePublished": "2026-06-09T03:48:41.439Z", "dateUpdated": "2026-06-09T03:48:41.439Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-06-09T03:48:41.439Z"}, "title": "Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect", "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-522: Insufficiently Protected Credentials", "cweId": "CWE-522", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "The Reactor Netty HTTP client may expose credentials when following a redirect from a secure (HTTPS) to an insecure (HTTP) endpoint, leading to information disclosure."}]}], "affected": [{"vendor": "Spring", "product": "Reactor Netty", "defaultStatus": "unaffected", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.0.52", "versionType": "custom"}, {"status": "affected", "version": "1.1.0", "lessThan": "1.1.36", "versionType": "custom"}, {"status": "affected", "version": "1.2.0", "lessThan": "1.2.18", "versionType": "custom"}, {"status": "affected", "version": "1.3.0", "lessThan": "1.3.6", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.\n\nAffected versions:\nReactor Netty 1.0.0 through 1.0.51; 1.1.0 through 1.1.35; 1.2.0 through 1.2.17; 1.3.0 through 1.3.5.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.\n\nAffected versions:\nReactor Netty 1.0.0 through 1.0.51; 1.1.0 through 1.1.35; 1.2.0 through 1.2.17; 1.3.0 through 1.3.5."}]}], "references": [{"url": "https://spring.io/security/cve-2026-41715"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been explicitly configured to follow redirects.\n\nAffected versions:\nReactor Netty 1.0.0 through 1.0.51; 1.1.0 through 1.1.35; 1.2.0 through 1.2.17; 1.3.0 through 1.3.5."}], "id": "CVE-2026-41715", "lastModified": "2026-06-09T05:16:35.263", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2026-06-09T05:16:35.263", "references": [{"source": "security@vmware.com", "url": "https://spring.io/security/cve-2026-41715"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-522"}], "source": "security@vmware.com", "type": "Secondary"}]}

{}

{"created": "2026-06-09T05:30:36.259848+00:00", "updated": "2026-06-09T05:30:36.259864+00:00", "vendors": []}