Bug 2487805 (CVE-2026-41001) - CVE-2026-41001 spring-boot: Spring Boot: Local attacker can manipulate data directory due to predictable path
Summary: CVE-2026-41001 spring-boot: Spring Boot: Local attacker can manipulate data d...
Keywords:
Status: NEW
Alias: CVE-2026-41001
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-06-11 07:01 UTC by OSIDB Bzimport
Modified: 2026-07-01 15:34 UTC (History)
39 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-06-11 07:01:44 UTC
Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts.

Affected versions:
Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4.0 through 3.4.16; 3.3.0 through 3.3.19; 2.7.0 through 2.7.33.


Note You need to log in before you can comment on or make changes to this bug.