Is CVE-2026-40987 in the CISA Known Exploited Vulnerabilities catalog?

CVE-2026-40987 is not currently listed in the CISA KEV catalog.

Vulnerability intelligence

CVE-2026-40987

In 15 days, enterprises running Spring 6.2 lose open-source security patches on the same day the EU requires them to prove they have a patching strategy. Spring 7.0 is the upgrade path. The migration window is two weeks.

Spring 2026

What WebPulse reported · 1 analysis

Spring Framework 6.2 EOL on June 30 — the Same Day as the NIS2 Audit Deadline.

In 15 days, enterprises running Spring 6.2 lose open-source security patches on the same day the EU requires them to prove they have a patching strategy. Spring

June 15, 2026

View CVE-2026-40987 on the NIST National Vulnerability Database →

Related vulnerabilities

CVE-2026-9319 CVE-2026-9311 CVE-2026-8644 CVE-2026-40994 CVE-2022-22965 CVE-2022-22963 CVE-2022-22947 CVE-2020-5410