CVE-2022-22965CISA KEVEPSS p99.9%

CVE-2022-22965Spring Framework JDK 9+ Remote Code Execution Vulnerability

VMware / Spring Framework

Description

Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

Scoring

EPSS99.68% probability of exploitation · percentile 99.9% · 2026-06-18T12:00:27Z

CISA KEV entry

Added to KEV: 2022-04-04

(incoming)1

TypeTargetConfidenceTier
KEVEntrySpring Framework JDK 9+ Remote Code Execution Vulnerabilitykev-cve-2022-229650%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability
CVE
CVE-2026-41847
CVE
CVE-2026-41841
CVE
CVE-2026-41853
CVE
Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability
CVE
VMware Spring Cloud Gateway Code Injection Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.