Thymeleaf versions prior to 3.1.3.RELEASE are vulnerable to a security bypass vulnerability in their expression execution mechanisms.

Cybersecurity · Apr 18, 2026 · score 0.17 · 2 posts · 0 replies across 1 instance
The thread discusses two critical security vulnerabilities (CVE-2026-40477 and CVE-2026-40478) in Thymeleaf, a server-side Java template engine, affecting versions prior to 3.1.3.RELEASE. These vulnerabilities involve a security bypass in the expression execution mechanisms, which could allow unauthorized access or execution of code. The posts highlight the importance of patching these vulnerabilities to maintain system security.

Claims

Thymeleaf versions prior to 3.1.3.RELEASE are vulnerable to a security bypass vulnerability in their expression execution mechanisms.
Parent: Cybersecurity · Entity: Thymeleaf · Impact: negative · Date: Apr 18, 2026 · Target: Thymeleaf versions prior to 3.1.3.RELEASE

Source posts

@[email protected]
🔴 CVE-2026-40478 - Critical (9) Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to p... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40478/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
0 boosts · 0 favs · 0 replies · Apr 18, 2026
@[email protected]
🔴 CVE-2026-40477 - Critical (9) Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Although the library provides mechanisms to preve... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-40477/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
0 boosts · 0 favs · 0 replies · Apr 18, 2026