{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-40987/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-11T12:46:24.043Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-40987","@id":"https://www.cve.org/CVERecord?id=CVE-2026-40987","description":"A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory) with attacker-controlled content.\n\nAffected versions:\nSpring Integration 7.0.0 through 7.0.4; 6.5.0 through 6.5.8; 6.4.0 through 6.4.11; 6.3.0 through 6.3.14; 5.5.0 through 5.5.20."},"products":[{"@id":"cpe:2.3:a:spring:spring_integration:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:spring:spring_integration:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 5.5.21, 6.3.15, 6.4.12, 6.5.9, 7.0.5.","timestamp":"2026-06-11T12:46:24.043Z"}]}