Is CVE-2022-22965 in the CISA Known Exploited Vulnerabilities catalog?

Yes — CVE-2022-22965 is listed in CISA KEV, remediation due 2022-04-25.

CISA Known Exploited Vulnerability

CVE-2022-22965

Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

⚠ Actively exploited (CISA KEV) Spring 2022

CISA catalog entry

Product

Spring Framework

Vendor

VMware

Added to KEV

2022-04-04

Remediation due

2022-04-25

CVE-2022-22965 is tracked in the CISA Known Exploited Vulnerabilities catalog. WebPulse monitors it as part of its framework security intelligence.

Related vulnerabilities

CVE-2026-9319 CVE-2026-9311 CVE-2026-8644 CVE-2026-40994 CVE-2026-40987 CVE-2022-22963 CVE-2022-22947 CVE-2020-5410