thymeleaf security advisories
2 threat alerts tracking vulnerabilities and security advisories that affect thymeleaf products.
Vulnios monitors thymeleaf CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent thymeleaf security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2026-40477 — thymeleaf — thymeleaf
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. Al
criticalCVE-2026-40477Critical Vulnerability: CVE-2026-40478 — thymeleaf — thymeleaf
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the the expression execution mechanisms
criticalCVE-2026-40478
Track thymeleaf exposure across your environment
Vulnios automatically cross-references your asset inventory against new thymeleaf CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan