{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40971", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2026-04-16T02:18:56.133Z", "datePublished": "2026-04-27T22:45:13.327Z", "dateUpdated": "2026-04-28T12:46:29.029Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-04-27T22:45:13.327Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-295: Improper Certificate Validation", "type": "CWE", "cweId": "CWE-295"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Per CVSS v3.1: Confidentiality LOW; Integrity LOW; Availability LOW."}]}], "affected": [{"vendor": "Spring", "product": "Spring Boot", "versions": [{"status": "affected", "version": "4.0.0", "lessThan": "4.0.6", "versionType": "custom"}, {"status": "affected", "version": "3.5.0", "lessThan": "3.5.14", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker.\n\nAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14) per vendor advisory.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker.</p><p>Affected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14) per vendor advisory.</p>"}]}], "references": [{"url": "https://spring.io/security/cve-2026-40971"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T12:46:22.032309Z", "id": "CVE-2026-40971", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:46:29.029Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40971", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2026-04-16T02:18:56.133Z", "datePublished": "2026-04-27T22:45:13.327Z", "dateUpdated": "2026-04-28T12:46:29.029Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-04-27T22:45:13.327Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-295: Improper Certificate Validation", "type": "CWE", "cweId": "CWE-295"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Per CVSS v3.1: Confidentiality LOW; Integrity LOW; Availability LOW."}]}], "affected": [{"vendor": "Spring", "product": "Spring Boot", "versions": [{"status": "affected", "version": "4.0.0", "lessThan": "4.0.6", "versionType": "custom"}, {"status": "affected", "version": "3.5.0", "lessThan": "3.5.14", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker.\n\nAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14) per vendor advisory.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker.</p><p>Affected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14) per vendor advisory.</p>"}]}], "references": [{"url": "https://spring.io/security/cve-2026-40971"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 5, "baseSeverity": "MEDIUM"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40971", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-28T12:46:22.032309Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:46:25.508Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "When configured to use an SSL bundle, Spring Boot's RabbitMQ auto-configuration does not perform hostname verification when connecting to the RabbitMQ broker.\n\nAffected: Spring Boot 4.0.0\u20134.0.5 (fix 4.0.6), 3.5.0\u20133.5.13 (fix 3.5.14) per vendor advisory."}], "id": "CVE-2026-40971", "lastModified": "2026-04-27T23:16:03.403", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.4, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2026-04-27T23:16:03.403", "references": [{"source": "security@vmware.com", "url": "https://spring.io/security/cve-2026-40971"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "security@vmware.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.0.0,4.0.6)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.5.0,3.5.14)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Spring Boot", "source": "cna", "vendor": "Spring"}, "product": "spring_boot", "vendor": "spring"}], "analysis": {"en": {"generated_at": "2026-04-28T12:47:08.557983+00:00", "value": {"mitigation_remediation": ["Upgrade Spring Boot to 4.0.6 or later, or to 3.5.14 or later, where the hostname verification check is restored.", "If an immediate upgrade is not possible, avoid using an SSL bundle that is not trusted or remove the SSL configuration until the patch is applied.", "After applying the patch or workaround, verify that the Spring Boot application is establishing TLS connections with proper certificate chains and that the broker\u2019s hostname matches the presented certificate."], "summary": {"action": "Patch Now", "impact": "Man-in-the-Middle via skipped hostname verification"}, "threat_synthesis": {"affected_systems": "Spring Boot 4.0.0 through 4.0.5 and 3.5.0 through 3.5.13 are affected; the vulnerability is fixed in Spring Boot 4.0.6 and 3.5.14 respectively.", "description_and_impact": "Spring Boot\u2019s auto\u2011configuration for RabbitMQ allows an SSL bundle but fails to perform hostname verification, creating an improper certificate validation weakness (CWE\u2011295). This means a malicious broker or network attacker can impersonate the intended RabbitMQ broker, potentially intercepting or altering traffic between the Spring Boot application and the broker. The reported CVSS score of 5 indicates a moderate risk of data confidentiality and integrity compromise.", "risk_and_exploitability": "The vulnerability can be exploited when an application is configured to use an SSL bundle for RabbitMQ connections, typically over a network that could be monitored or controlled by an adversary. Since hostname verification is not performed, an attacker who can influence the broker endpoint can conduct a man\u2011in\u2011the\u2011middle attack. With a CVSS score of 5 and no EPSS data, exploitation likelihood is uncertain but the lack of KEV listing suggests no widespread active exploitation yet. The risk remains moderate and warrants timely remediation."}}}}, "created": "2026-04-28T02:15:18.520203+00:00", "title": "Hostname Verification Bypass in Spring Boot RabbitMQ SSL Connections", "updated": "2026-04-28T13:00:15.221931+00:00", "vendors": ["spring", "spring$PRODUCT$spring_boot"]}