Bug 2463329 (CVE-2026-40977)
| Summary: | CVE-2026-40977 Spring Boot: Spring Boot: Local file corruption via PID file manipulation | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | abrianik, aschwart, asoldano, aszczucz, ataylor, bbaranow, bmaxwell, boliveir, bstansbe, dbruscin, dhanak, dlofthou, drichtar, drosa, fmariani, ggrzybek, gmalinko, gtanzill, ibek, istudens, ivassile, iweiss, janstey, jbuscemi, jraez, jrokos, kaycoth, kvanderr, mnovotny, mosmerov, mposolda, msvehla, nwallace, parichar, pberan, pbizzarr, pdelbell, pesilva, pjindal, pmackay, rhel-process-autobot, rmartinc, rstancel, rstepani, sausingh, sdawley, smaestri, ssilvert, sthorger, tasato, tcunning, thjenkin, vdosoudi, vmuzikar, watson-tool-maintainers, yfang |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in Spring Boot when an application is configured to use `ApplicationPidFileWriter`. A local attacker with write access to the PID file's location can exploit this vulnerability to corrupt one arbitrary file on the host each time the application is started. This can lead to data integrity issues or a denial of service (DoS) by rendering critical system files unusable.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2026-04-28 00:02:16 UTC
|