Thymeleaf SSTI Flaw Enables Java RCE via Template Injection
CVE-2026-40478 bypasses Thymeleaf's expression protections, allowing attackers to execute arbitrary Java code through crafted template input. Upgrade to 3.1.4.RELEASE now.
Marcus Chen, Apr 18, 2026