{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-40975","assignerOrgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","state":"PUBLISHED","assignerShortName":"vmware","dateReserved":"2026-04-16T02:19:04.616Z","datePublished":"2026-04-27T23:32:58.596Z","dateUpdated":"2026-06-30T12:08:53.453Z"},"containers":{"cna":{"providerMetadata":{"orgId":"dcf2e128-44bd-42ed-91e8-88f912c1401d","shortName":"vmware","dateUpdated":"2026-04-27T23:32:58.596Z"},"problemTypes":[{"descriptions":[{"lang":"en","description":"CWE-330: Use of Insufficiently Random Values","type":"CWE","cweId":"CWE-330"}]}],"impacts":[{"descriptions":[{"lang":"en","value":"Per CVSS v3.1: Confidentiality LOW; Integrity LOW; Availability NONE."}]}],"affected":[{"vendor":"Spring","product":"Spring Boot","versions":[{"status":"affected","version":"4.0.0","lessThan":"4.0.6","versionType":"custom"},{"status":"affected","version":"3.5.0","lessThan":"3.5.14","versionType":"custom"},{"status":"affected","version":"3.4.0","lessThan":"3.4.16","versionType":"custom"},{"status":"affected","version":"3.3.0","lessThan":"3.3.19","versionType":"custom"},{"status":"affected","version":"2.7.0","lessThan":"2.7.33","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values with a predictable range.\n\nAffected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); random value property source / weak PRNG for secrets. Versions that are no longer supported are also affected per vendor advisory.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>Values produced by <code>${random.value}</code> are not suitable for use as secrets. <code>${random.uuid}</code> is not affected. <code>${random.int}</code> and <code>${random.long}</code> should never be used for secrets as they are numeric values with a predictable range.</p><p>Affected: Spring Boot 4.0.0–4.0.5 (fix 4.0.6), 3.5.0–3.5.13 (fix 3.5.14), 3.4.0–3.4.15 (fix 3.4.16), 3.3.0–3.3.18 (fix 3.3.19), 2.7.0–2.7.32 (fix 2.7.33); random value property source / weak PRNG for secrets. Versions that are no longer supported are also affected per vendor advisory.</p>"}]}],"references":[{"url":"https://spring.io/security/cve-2026-40975"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":4.8,"baseSeverity":"MEDIUM"}}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.1"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-04-28T13:51:27.326869Z","id":"CVE-2026-40975","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-04-28T14:35:05.760Z"}},{"affected":[{"cpes":["cpe:/a:redhat:apache_camel_hawtio:4.4::el9"],"defaultStatus":"affected","product":"HawtIO HawtIO 4.4.0","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_data_grid:8"],"defaultStatus":"affected","product":"Red Hat Data Grid 8.6.1","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:openshift_devspaces:3.28::el9"],"defaultStatus":"affected","product":"Red Hat OpenShift Dev Spaces 3.28","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:apache_camel_spring_boot:4.18"],"defaultStatus":"affected","product":"Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:amq_clients:2023"],"defaultStatus":"affected","product":"Red Hat AMQ Clients","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:optaplanner:::el6"],"defaultStatus":"affected","product":"Red Hat build of OptaPlanner 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_fuse:7"],"defaultStatus":"affected","product":"Red Hat Fuse 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:amq_broker:7"],"defaultStatus":"unaffected","product":"Red Hat AMQ Broker 7","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:8"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"unaffected","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:7"],"defaultStatus":"unaffected","product":"Red Hat JBoss Enterprise Application Platform 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_enterprise_application_platform:8"],"defaultStatus":"unaffected","product":"Red Hat JBoss Enterprise Application Platform 8","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jbosseapxp"],"defaultStatus":"unaffected","product":"Red Hat JBoss Enterprise Application Platform Expansion Pack","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:jboss_enterprise_bpms_platform:7"],"defaultStatus":"unaffected","product":"Red Hat Process Automation 7","vendor":"Red Hat"},{"cpes":["cpe:/a:redhat:red_hat_single_sign_on:7"],"defaultStatus":"unaffected","product":"Red Hat Single Sign-On 7","vendor":"Red Hat"}],"datePublic":"2026-04-27T23:32:58.596Z","descriptions":[{"lang":"en","value":"A flaw was found in Spring Boot. The `${random.value}` property source utilizes a weak pseudo-random number generator (PRNG), meaning the values it produces are not sufficiently random for use as cryptographic secrets. An attacker could potentially predict these values, which may lead to information disclosure or a security bypass if they are used in sensitive applications."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-338","description":"Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)","lang":"en","type":"CWE"}]}],"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-40975"},{"name":"RHBZ#2463331","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463331"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-40975.json"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:25089"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:22619"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:21772"},{"tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2026:17668"}],"solutions":[{"lang":"en","value":"RHSA-2026:25089: HawtIO HawtIO 4.4.0"},{"lang":"en","value":"RHSA-2026:22619: Red Hat Data Grid 8.6.1"},{"lang":"en","value":"RHSA-2026:21772: Red Hat OpenShift Dev Spaces 3.28"},{"lang":"en","value":"RHSA-2026:17668: Red Hat build of Apache Camel 4.18.1 for Spring Boot 3.5.14"}],"timeline":[{"lang":"en","time":"2026-04-28T00:01:58.716Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-04-27T23:32:58.596Z","value":"Made public."}],"title":"Spring Boot: Spring Boot: Weak pseudo-random number generation can lead to information disclosure.","workarounds":[{"lang":"en","value":"Applications utilizing Spring Boot should avoid using the `${random.value}` property for generating cryptographic secrets or other security-sensitive data. Developers should review their application configurations and code to ensure that only cryptographically strong random number generators are used for such purposes. For UUID generation, `${random.uuid}` is not affected and can be used."}],"x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"},"providerMetadata":{"orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP","dateUpdated":"2026-06-30T12:08:53.453Z"}}]}}