{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:66bc023f-3254-5bc8-86fb-8350d7264bb7", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2", "type": "library", "group": "org.springframework", "name": "spring-webflux", "version": "6.1.21-tuxcare.2", "purl": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:97762104-842c-597c-9542-78b89ceb7817", "id": "CVE-2025-22233", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-22233 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b8da379c-52b0-5946-b3b5-02429263896b", "id": "CVE-2025-41242", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41242 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:3a8b0e1b-922e-533b-b782-21f56f6a50af", "id": "CVE-2025-41249", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41249 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1ef2cc9a-ce2a-56ad-9f43-4c69149d47d2", "id": "CVE-2025-41254", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2025-41254 is fixed in version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:54bbb84f-afe4-591b-a013-0daccbc46aad", "id": "CVE-2026-22735", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22735 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d0979f8a-b788-597f-9515-b61680732398", "id": "CVE-2026-22737", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22737 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e2d49cc5-2831-5860-8c22-fd20381da95d", "id": "CVE-2026-22740", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22740 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:e4c51da4-6839-593d-bdce-dcd84f2700a1", "id": "CVE-2026-22741", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22741 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1a4265a8-229d-5199-8834-d7a6e60e36d3", "id": "CVE-2026-22745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-22745 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d96b2c45-eb8a-5e22-b99c-8513ed63206f", "id": "CVE-2026-41838", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41838 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:aa95d44f-cb2c-5073-a43a-64885d27b660", "id": "CVE-2026-41839", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41839 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:ab36e837-85c6-5a3b-bc8b-0cec7513069c", "id": "CVE-2026-41840", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-41840 does not affect version 6.1.21-tuxcare.2 of org.springframework:spring-webflux. already_fixed \u2014 The target repository (Spring Framework 6.1.21-tuxcare.6) already contains both upstream patches that address CVE-2026-41840. The fixes were previously applied as part of TuxCare backports for CVE-2026-22740 (commit d8aa04a97f, 2026-06-08) and memory leak fixes (commit e7c90921fd, 2026-04-29). Both doOnDiscard handlers are present in the current code, preventing resource exhaustion from multipa..." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:2b871d30-945d-51ec-8ba7-00451db33314", "id": "CVE-2026-41841", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41841 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:1346ef8b-7a7c-5af4-9bcf-0105b1365637", "id": "CVE-2026-41842", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41842 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:dae43d81-8cec-5917-ae15-d64bb0dc7c98", "id": "CVE-2026-41843", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41843 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:fff538b3-05d2-50ec-8e4b-6482d104ca75", "id": "CVE-2026-41844", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41844 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d4ba45e3-6ed4-519d-bdc0-c243b0b06e09", "id": "CVE-2026-41845", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41845 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:8dfb62e3-9550-5709-8639-5eb3e69347a9", "id": "CVE-2026-41846", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41846 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:691a70e2-1dbb-5b7a-9160-8c0a03faa3da", "id": "CVE-2026-41848", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41848 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:5ebed363-61d2-57e8-a11e-eb2abd374750", "id": "CVE-2026-41850", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41850 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:9a868d9f-41e3-53d4-9e83-cd735ae10fe8", "id": "CVE-2026-41851", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41851 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:d4d15f1c-9e79-55b6-89b4-b7a4937fb3f7", "id": "CVE-2026-41852", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41852 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:66e103e4-e830-5b6b-aa8a-b7532dd53473", "id": "CVE-2026-41853", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41853 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }, { "bom-ref": "urn:uuid:b7705242-9a01-5a40-b467-20cdc671820f", "id": "CVE-2026-41855", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-41855 affects version 6.1.21-tuxcare.2 of org.springframework:spring-webflux." }, "affects": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.springframework/spring-webflux@6.1.21-tuxcare.2" } ] }