How the mentioned CVE works (around 20 lines):
The vulnerability resides in Thymeleaf’s expression evaluation engine, specifically within the sandboxed (restricted) evaluation contexts introduced to prevent Server-Side Template Injection (SSTI).
These sandboxes are designed to block dangerous expression constructs, such as method calls or property access that could lead to arbitrary code execution.
However, up to version 3.1.4.RELEASE, the sandbox fails to fully neutralize certain expression structures that leverage internal Thymeleaf objects or expression utility classes.
An attacker can craft input that, when passed as an unsanitized variable into a template, bypasses the sandbox’s restrictions.
The bypass typically uses special syntax like `${…}` or `{…}` combined with prefixed expression objects (e.g., execInfo, vars, or ctx).
By chaining accesses to these internal objects, the attacker can reach methods that are normally prohibited.
For example, `ctx.getVariable('someVar')` may be allowed, but further reflection or class loading can be triggered via `ctx.getClass().forName(...)`.
The sandbox does not recursively block such chains, allowing expression evaluation to escape the intended restrictions.
Once unrestricted expression evaluation is achieved, an attacker can invoke Java runtime methods, execute system commands, read files, or perform other malicious actions.
This leads to full Server-Side Template Injection (SSTI) on the application server.
The attack requires that the application developer passes unsanitized user-controlled data into a Thymeleaf template that uses a sandboxed expression context.
Common scenarios include template fragments processed with `TemplateEngine.process()` where a variable containing user input is directly inserted.
Even if the template uses `th:utext` or `th:text` with a sandboxed StandardExpressionProfile, the bypass remains effective.
The root cause is a missing validation step for nested or chained expression evaluations within the sandbox implementation.
Specifically, the `RestrictedExpressionExecutor` does not recursively apply security checks after resolving an intermediate expression result.
Thus, a seemingly harmless expression like `${execInfo.getTemplateName()}` can be expanded to `${execInfo.getClass().getMethod(...)}`.
No explicit CVE identifier was provided in the source, but the vulnerability is fixed in Thymeleaf 3.1.5.RELEASE.
The issue affects all prior versions (3.1.0 to 3.1.4.RELEASE) and possibly earlier 3.0.x branches if they implement similar sandboxing.
Upgrading to the patched version eliminates the bypass by enforcing strict whitelist-based evaluation for every sub-expression.
DailyCVE form (3 words max per line):
Platform: Java / Thymeleaf
Version: ≤ 3.1.4.RELEASE
Vulnerability: Sandboxed SSTI bypass
Severity: Critical
Date: 2026-05-04
Prediction: Already patched, upgrade
Analytics under What Undercode Say:
Check Thymeleaf version in Maven project
mvn dependency:tree | grep thymeleaf
For Gradle
gradle dependencies | grep thymeleaf
Monitor for suspicious expression patterns in logs
grep -E '\$\{.*(ctx|execInfo|vars).*\}' app.log
Example unsafe code pattern (Java)
String userInput = request.getParameter("input");
// Context.setVariable() returns void, so the variable must be set before the call to process()
Context context = new Context();
context.setVariable("data", userInput); // unsanitized user input handed straight to the template
templateEngine.process("fragment", context);
Exploit:
// Attacker-controlled input bypassing sandbox
${ctx.getClass().forName('java.lang.Runtime').getMethods()[bash].invoke(ctx.getClass().forName('java.lang.Runtime')).exec('id')}
// Alternative using execInfo
${execInfo.getClass().forName('java.lang.ProcessBuilder').getConstructor(java.util.List.class).newInstance(['calc']).start()}
Protection from this CVE:
- Immediately upgrade to Thymeleaf 3.1.5.RELEASE or higher.
- If upgrade is impossible, never pass unsanitized user input into TemplateEngine.process().
- Use strict input validation and output encoding even in sandboxed modes.
- Apply WAF rules to block expression-like payloads (${{},{{},{}) in user parameters.
- Monitor for unusual template processing calls or command execution attempts.
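The input-validation and monitoring bullets above, together with the unsafe code pattern shown earlier, as an added defensive example (written for this page, not code from the Thymeleaf project): a guard that rejects values carrying Thymeleaf expression syntax or references to the sandbox-internal objects the advisory names before they are set on a Context. It assumes Thymeleaf is on the classpath for the `render` call site; the class and the `rejectReason` helper are hypothetical names, and the sample values in `main` are constructed.

```java
import java.util.List;
import java.util.Optional;
import java.util.regex.Pattern;

/** Defence-in-depth check applied to user input before it reaches TemplateEngine.process(). */
public final class TemplateInputGuard {

    // Thymeleaf standard expression openers (${}, *{}, #{}, @{}, ~{}) and the __...__ preprocessing marker.
    private static final Pattern EXPRESSION_SYNTAX = Pattern.compile("[$*#@~]\\{|__");

    // Member access on the internal objects the advisory reports as bypass entry points, plus reflective calls.
    // Coarse by design: tune to the application if legitimate input can contain these tokens.
    private static final Pattern SANDBOX_INTERNALS = Pattern.compile(
            "\\b(ctx|execInfo|vars)\\s*\\.|getClass\\s*\\(|forName\\s*\\(|java\\.lang\\.(Runtime|ProcessBuilder)");

    private TemplateInputGuard() {}

    /** Returns the reason a value is rejected, or empty when it is safe to hand to the template. */
    public static Optional<String> rejectReason(String value) {
        if (value == null) return Optional.empty();
        if (EXPRESSION_SYNTAX.matcher(value).find()) return Optional.of("expression syntax");
        if (SANDBOX_INTERNALS.matcher(value).find()) return Optional.of("sandbox-internal object or reflection");
        return Optional.empty();
    }

    /** Hardened form of the page's call site: validate first, then set the variable on a Context (setVariable returns void). */
    public static String render(org.thymeleaf.TemplateEngine engine, String template, String userInput) {
        rejectReason(userInput).ifPresent(reason -> {
            throw new IllegalArgumentException("rejected template input: " + reason); // log this for monitoring
        });
        org.thymeleaf.context.Context context = new org.thymeleaf.context.Context();
        context.setVariable("data", userInput);
        return engine.process(template, context);
    }

    public static void main(String[] args) {
        // Constructed sample values: ordinary text plus the expression shapes described in the advisory.
        List<String> samples = List.of(
                "hello world",
                "${execInfo.getTemplateName()}",
                "ctx.getClass().forName('x')",
                "__${vars}__");
        for (String s : samples) {
            String verdict = rejectReason(s).map(r -> "REJECT (" + r + ")").orElse("ALLOW");
            System.out.println(verdict + "  <- " + s);
        }
    }
}
```

The same two patterns can drive the log grep in the Analytics section, so application-side rejections and log-side detections agree on what counts as suspicious.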
Impact:
- Full server-side template injection leading to remote code execution.
- Attackers can read/write files, spawn reverse shells, or pivot into internal networks.
- Compromises confidentiality, integrity, and availability of the host application.
- Affects all applications using vulnerable Thymeleaf versions with unsanitized user input in templates.
- No workaround exists; only the patched version provides complete mitigation.
Sources:
Reported By: github.com
Extra Source Hub:
Undercode