{"id":16113,"date":"2026-04-17T23:07:09","date_gmt":"2026-04-17T23:07:09","guid":{"rendered":"https:\/\/newestek.com\/?p=16113"},"modified":"2026-04-17T23:07:09","modified_gmt":"2026-04-17T23:07:09","slug":"critical-sandbox-bypass-fixed-in-popular-thymeleaf-java-template-engine","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=16113","title":{"rendered":"Critical sandbox bypass fixed in popular Thymeleaf Java template engine"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>Maintainers of Thymeleaf, a widely used template engine for Java web applications, fixed a rare critical vulnerability that allows unauthenticated attackers to execute malicious code on servers.<\/p>\n<p>The vulnerability, tracked as CVE-2026-40478, is rated 9.1 on the CVSS severity scale and is described as a Server-Side Template Injection (SSTI) issue. Thymeleaf has a sandbox-like protection that prevents user input from executing dangerous expressions, but this flaw allows attackers to bypass those protections.<\/p>\n<p>\u201cAlthough the library provides mechanisms to prevent expression injection, it fails to properly neutralize specific syntax patterns that allow for the execution of unauthorized expressions,\u201d the developers said in <a href=\"http:\/\/github.com\/advisories\/GHSA-xjw8-8c5c-9r79\">their advisory<\/a>. 
\u201cIf an application developer passes unvalidated user input directly to the template engine, an unauthenticated remote attacker can bypass the library\u2019s protections to achieve Server-Side Template Injection (SSTI).\u201d<\/p>\n<p>Thymeleaf is the de facto template engine in the Java Spring ecosystem and Spring is the most popular framework for developing web applications in Java. Since Java is still widely used for development in enterprise environments, this vulnerability has the potential to impact numerous business applications.<\/p>\n<p>All Thymeleaf versions before 3.1.4.RELEASE are affected and no work-around exists. Companies are advised to identify which of their applications use Thymeleaf and upgrade to 3.1.4.RELEASE as soon as possible.<\/p>\n<h2 class=\"wp-block-heading\" id=\"straightforward-exploitation\">Straightforward exploitation<\/h2>\n<p>According to researchers from application security testing firm Endor Labs, exploitation is straightforward with no special privileges or conditions required. Attackers just need to control input that reaches Thymeleaf\u2019s expression engine, which is a common pattern in web applications.<\/p>\n<p>Endor Labs notes in <a href=\"https:\/\/www.endorlabs.com\/learn\/its-about-thyme-how-a-whitespace-character-broke-thymeleafs-expression-sandbox-cve-2026-40478\">their report<\/a> that Thymeleaf has defense-in-depth layers to block dangerous expressions and in this case two of them failed. For example, a string check scanned the expression text for dangerous patterns, such as the <code>new<\/code> keyword followed by an ASCII space, T (Spring Expression Language type references) and @ (SpEL bean references in some code paths). 
However, the check only looked for the ASCII space character (0x20), while the SpEL parser also accepts tab (0x09), newline (0x0A), and other control characters between <code>new<\/code> and the class name.<\/p>\n<p>Another policy blocked classes that start with <code>java.*<\/code> from being used inside T() type references, but did not block types from <code>org.springframework.*<\/code>, <code>ognl.*<\/code>, or <code>javax.*<\/code>.<\/p>\n<p>\u201cSince typical Spring applications have spring-core on the classpath, classes like <code>org.springframework.core.io.FileSystemResource<\/code> were freely constructable, and that class can create arbitrary files on disk,\u201d the researchers said.<\/p>\n<p>As such, Endor Labs was able to easily build a proof-of-concept exploit by combining the two: using a tab character after <code>new<\/code> and instantiating the <code>org.springframework.core.io.FileSystemResource<\/code> class to create a file on disk.<\/p>\n<p>\u201cWith the right class, an attacker can escalate from file creation to full remote code execution, for example, instantiating a ProcessBuilder wrapper from a third-party library, or leveraging Spring\u2019s own GenericApplicationContext to register and invoke arbitrary beans,\u201d the researchers explained.<\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/572455\/remote-code-execution-flaws-in-spring-and-spring-cloud-frameworks-put-java-apps-at-risk.html\">Vulnerabilities in the Java Spring Framework itself have been exploited in the past<\/a> to compromise web servers, so it\u2019s likely that an easy-to-exploit flaw such as this one will be quickly adopted by attackers.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Maintainers of Thymeleaf, a widely used template engine for Java web applications, fixed a rare critical vulnerability that allows unauthenticated attackers to execute malicious code on servers. 
The vulnerability, tracked as CVE-2026-40478, is rated 9.1 on the CVSS severity scale and is described as a Server-Side Template Injection (SSTI) issue. Thymeleaf has a sandbox-like protection that prevents user input from executing dangerous expressions, but this&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=16113\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-16113","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/16113","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16113"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/16113\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}