CVE-2026-40974: CWE-295: Improper Certificate Validation in Spring Spring Boot
Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); Cassandra SSL auto-configuration. Versions that are no longer supported are also affected per vendor advisory.
AI Analysis
Technical Summary
CVE-2026-40974 is a vulnerability in Spring Boot's Cassandra SSL auto-configuration where hostname verification is not performed during SSL connection establishment. This improper certificate validation (CWE-295) can allow attackers to intercept or manipulate communications by exploiting the lack of hostname checks. The issue affects Spring Boot versions 2.7.0 to 2.7.32, 3.3.0 to 3.3.18, 3.4.0 to 3.4.15, 3.5.0 to 3.5.13, and 4.0.0 to 4.0.5. Vendor advisories indicate fixes are available in versions 2.7.33, 3.3.19, 3.4.16, 3.5.14, and 4.0.6 respectively. No known exploits are reported in the wild.
Potential Impact
The vulnerability allows an attacker with network access to potentially perform man-in-the-middle attacks against SSL connections to Cassandra by exploiting the lack of hostname verification. This can lead to partial confidentiality, integrity, and availability impacts as indicated by the CVSS vector (C:L/I:L/A:L). However, exploitation requires high attack complexity and is limited to adjacent network attackers.
Mitigation Recommendations
Fixes are available in Spring Boot versions 2.7.33, 3.3.19, 3.4.16, 3.5.14, and 4.0.6. Users should upgrade affected Spring Boot versions to these patched releases to remediate the vulnerability. Since this is not a cloud service, remediation depends on user action. Patch status is confirmed by vendor advisories specifying fixed versions. No other mitigation steps are indicated.
CVE-2026-40974: CWE-295: Improper Certificate Validation in Spring Spring Boot
Description
Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra. Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); Cassandra SSL auto-configuration. Versions that are no longer supported are also affected per vendor advisory.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-40974 is a vulnerability in Spring Boot's Cassandra SSL auto-configuration where hostname verification is not performed during SSL connection establishment. This improper certificate validation (CWE-295) can allow attackers to intercept or manipulate communications by exploiting the lack of hostname checks. The issue affects Spring Boot versions 2.7.0 to 2.7.32, 3.3.0 to 3.3.18, 3.4.0 to 3.4.15, 3.5.0 to 3.5.13, and 4.0.0 to 4.0.5. Vendor advisories indicate fixes are available in versions 2.7.33, 3.3.19, 3.4.16, 3.5.14, and 4.0.6 respectively. No known exploits are reported in the wild.
Potential Impact
The vulnerability allows an attacker with network access to potentially perform man-in-the-middle attacks against SSL connections to Cassandra by exploiting the lack of hostname verification. This can lead to partial confidentiality, integrity, and availability impacts as indicated by the CVSS vector (C:L/I:L/A:L). However, exploitation requires high attack complexity and is limited to adjacent network attackers.
Mitigation Recommendations
Fixes are available in Spring Boot versions 2.7.33, 3.3.19, 3.4.16, 3.5.14, and 4.0.6. Users should upgrade affected Spring Boot versions to these patched releases to remediate the vulnerability. Since this is not a cloud service, remediation depends on user action. Patch status is confirmed by vendor advisories specifying fixed versions. No other mitigation steps are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- vmware
- Date Reserved
- 2026-04-16T02:19:04.615Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f0134ecbff5d861057a5cb
Added to database: 4/28/2026, 1:54:22 AM
Last enriched: 4/28/2026, 1:54:43 AM
Last updated: 4/28/2026, 3:03:12 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.