org.springframework.boot:spring-boot-cassandra (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.springframework.boot:spring-boot-cassandra, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (3)
CVE-2026-40974 — CVSS 5.0 (medium): Spring Boot's Cassandra auto-configuration does not perform hostname verification when establishing an SSL connection to Cassandra…
CVE-2026-40975 — CVSS 4.8 (medium): Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long}…
CVE-2026-40977 — CVSS 4.7 (medium): When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can…