CVE-2026-40478
Don't Panic: The Thymeleaf Template Injection That Only Hurts If You Let It (CVE-2026-40478)
📅 2026-04-29 00:00:00
🔴 Critical 🔥 No Snyk Blog Exploit General CVSS 9.1

📋 Full description

CVE-2026-40478: The Thymeleaf template injection (CVSS 9.1) is conditional. Patch to 3.1.4+ immediately, and audit your code for dynamic view or template expression misuse, which is the key precondition for exploitability.

💻 Affected systems

Don't Panic: The

⚠️ Threat type

Exploit

🔗 CVE ID

CVE-2026-40478

📡 Source

Snyk Blog

✅ Solutions and mitigation

Update to v3.1.4
