The vulnerability stems from a flaw in Thymeleaf’s expression evaluation sandbox. The library allows templates to execute expressions (e.g., ${...}), and to prevent abuse, it normally restricts which Java objects and methods can be accessed. However, in versions up to 3.1.3.RELEASE, the sanitization logic does not fully neutralize certain syntax patterns. Specifically, an attacker can use expression preprocessing delimiters (__${...}__) or craft special SpEL syntax to bypass the whitelist. By injecting a payload that looks like a benign variable reference but actually contains nested or escaped expression tokens, the attacker can force the engine to evaluate arbitrary Spring Expression Language (SpEL) code. Because the expression is executed in the context of the template’s variable resolution, the attacker gains access to internal objects such as T(java.lang.Runtime), which can be used to execute arbitrary system commands. The attack is successful only when an application passes unvalidated user input directly into a Thymeleaf template (e.g., by using the `[[…]]` or `${…}` syntax on user‑controlled strings). In such cases, the remote, unauthenticated attacker can achieve full Server‑Side Template Injection (SSTI), leading to remote code execution (RCE) on the server. The issue is fixed in Thymeleaf 3.1.4.RELEASE, where the expression‑evaluation sandbox has been strengthened to block the previously bypassable patterns.
DailyCVE form
Platform: Thymeleaf (Spring)
Version: up to 3.1.3
Vulnerability: SSTI (RCE)
Severity: High
Date: 2026‑04‑15
Prediction: Patch 2026‑04‑15
What Undercode Say
Analytics:
The vulnerability has a CVSS v3 base score of 8.8 (High) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H. The exploitability is high because it requires no privileges and can be triggered remotely, although it does rely on user interaction (the application must process attacker‑supplied input). The impact on confidentiality, integrity, and availability is complete. The CVE is currently being tracked in public exploit databases, and several proof‑of‑concept payloads have been published on GitHub.
Commands and code related to this post
Identify a vulnerable Thymeleaf version in a Spring Boot project (the dots are escaped and a word boundary added so that 3.1.30 or 3.10.x are not reported; note that the version is often declared on a separate line or inherited from the Spring Boot BOM, so confirm with mvn dependency:tree or gradle dependencies)
grep -h "thymeleaf" pom.xml build.gradle 2>/dev/null | grep -E '3\.1\.[0-3]\b'
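Because the grep above only works when the version literal sits on the same line as the artifact name, the following added example (my code, not the post's or the Thymeleaf project's) reads the dependency tree that Maven or Gradle actually resolves and compares the core thymeleaf artifact against the fixed release the advisory names, 3.1.4. It assumes you have captured the output of `mvn dependency:tree` or `gradle dependencies` to a string; the sample trees are constructed, and `X.Y.Z` stands in for whatever Spring Boot version a real project uses.

```python
"""Added example (not part of the original post): find the Thymeleaf version a
build actually resolves, from `mvn dependency:tree` or `gradle dependencies`
output, and compare it against the fixed release the advisory names (3.1.4).

Assumption (mine): the caller captures that build-tool output to a string;
the samples below are constructed, not real project output.
"""
import re

# First release containing the fix, per the advisory (3.1.4.RELEASE).
FIXED_VERSION = (3, 1, 4)

# Matches the core artifact in Maven lines ("org.thymeleaf:thymeleaf:jar:3.1.3.RELEASE:compile")
# and Gradle lines ("org.thymeleaf:thymeleaf:3.1.2.RELEASE -> 3.1.4.RELEASE", where the
# version after "->" is the one Gradle actually resolved). thymeleaf-spring* is
# deliberately not matched: the advisory names the core library.
_THYMELEAF_RE = re.compile(
    r"org\.thymeleaf:thymeleaf:(?:jar:)?(\d+\.\d+\.\d+)"
    r"(?:\.RELEASE)?(?::\w+)?(?: -> (\d+\.\d+\.\d+))?"
)


def parse_version(text: str) -> tuple:
    """'3.1.3' -> (3, 1, 3); tuples compare correctly, strings do not ('3.1.10' < '3.1.4')."""
    return tuple(int(part) for part in text.split("."))


def resolved_thymeleaf_version(tree_text: str):
    """Return the resolved core Thymeleaf version as a tuple, or None if absent."""
    versions = set()
    for m in _THYMELEAF_RE.finditer(tree_text):
        requested, resolved = m.group(1), m.group(2)
        versions.add(parse_version(resolved or requested))
    if not versions:
        return None
    # Maven prints one resolved version; if several appear, report the oldest,
    # which is the conservative answer for a vulnerability check.
    return min(versions)


def is_vulnerable(tree_text: str) -> bool:
    """True when the resolved version is below the fixed release."""
    version = resolved_thymeleaf_version(tree_text)
    return version is not None and version < FIXED_VERSION


# Constructed samples (not real build output); X.Y.Z is a placeholder.
SAMPLE_MAVEN_TREE = """\
[INFO] com.example:demo:jar:0.0.1-SNAPSHOT
[INFO] \\- org.springframework.boot:spring-boot-starter-thymeleaf:jar:X.Y.Z:compile
[INFO]    +- org.thymeleaf:thymeleaf-spring6:jar:3.1.3.RELEASE:compile
[INFO]    \\- org.thymeleaf:thymeleaf:jar:3.1.3.RELEASE:compile
"""

SAMPLE_GRADLE_TREE = """\
\\--- org.springframework.boot:spring-boot-starter-thymeleaf:X.Y.Z
     \\--- org.thymeleaf:thymeleaf-spring6:3.1.4.RELEASE
          \\--- org.thymeleaf:thymeleaf:3.1.2.RELEASE -> 3.1.4.RELEASE
"""

if __name__ == "__main__":
    for name, tree in (("maven", SAMPLE_MAVEN_TREE), ("gradle", SAMPLE_GRADLE_TREE)):
        status = "vulnerable" if is_vulnerable(tree) else "ok"
        print(name, resolved_thymeleaf_version(tree), status)
```

Run it against real build output with `mvn dependency:tree > tree.txt` (or `gradle dependencies --configuration runtimeClasspath`) and pass the file contents to `is_vulnerable`; the Gradle arrow case matters because the requested version in build.gradle and the resolved one can differ.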
Example vulnerable code (Java): the request parameter reaches the model unvalidated, and the template renders it with [[${greeting}]]
@Controller
public class GreetController {
    @RequestMapping("/greet")
    public String greet(@RequestParam String name, Model model) {
        // user-controlled input is concatenated without validation or escaping
        model.addAttribute("greeting", "Hello " + name);
        return "template"; // where template uses [[${greeting}]]
    }
}
Detection with curl (using expression preprocessing; the `$` is escaped so the shell does not try to expand `${...}` itself, and `-g` turns off curl's own `{}` globbing)
curl -g -X POST "http://target/greet?name=__\${T(java.lang.Runtime).exec('id')}__"
Exploit:
An attacker can send a crafted HTTP request containing a Thymeleaf expression delimiter (e.g., __${...}__) along with a SpEL payload. For example:
name=__${T(java.lang.Runtime).getRuntime().exec('touch /tmp/pwned')}__
When the vulnerable application inserts this string directly into a template, the preprocessing step evaluates the inner SpEL code before the main template is rendered. This grants the attacker the ability to execute arbitrary operating‑system commands on the server.
Protection from this CVE:
- Immediately upgrade to Thymeleaf 3.1.4.RELEASE or later.
- If an immediate upgrade is not possible, avoid passing any user‑controlled input directly into Thymeleaf templates. Always validate, sanitize, or escape user data before including it in a template.
- Use content security policies (CSP) and input validation frameworks to reduce the risk of injection.
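The second and third mitigations above (validate before the value reaches a template; detect injection attempts) can be put into practice as follows. This is an added example written for this post, not code from the original article or from the Thymeleaf project: a deny-by-default allow-list check for the `name` parameter from the controller shown earlier, and a scanner that flags access-log requests whose query parameters carry Thymeleaf or SpEL expression syntax, including the probe shown above in URL-encoded and double-URL-encoded form. It assumes common log format and Thymeleaf's standard expression markers; the log lines are constructed.

```python
"""Added example (not part of the original post): a deny-by-default validator
for a value that will reach a Thymeleaf template, plus a scanner that flags
access-log requests carrying Thymeleaf/SpEL expression syntax.

Assumptions (mine): logs are in common log format, the parameter of interest
is `name` as in the post's controller, and the marker list below is
Thymeleaf's standard expression syntax. The log lines are constructed.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Thymeleaf standard expressions ${..} *{..} #{..} @{..} ~{..}, preprocessing
# delimiters __..__, inlining markers [[..]] / [(..)], and SpEL's T(type) operator
# that the advisory's payload uses. Coarse on purpose: this is a tripwire, not a parser.
_EXPR_MARKERS = re.compile(r"\$\{|\*\{|#\{|@\{|~\{|__[^_]+__|\[\[|\[\(|\bT\(")

# Allow-list for a display name: letters, spaces, hyphens, apostrophes, 1-64 chars.
_NAME_RE = re.compile(r"[A-Za-z][A-Za-z '\-]{0,63}")


def fully_decode(value: str, rounds: int = 3) -> str:
    """Undo repeated URL-encoding, which is how single-pass filters get bypassed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def contains_template_expression(value: str) -> bool:
    """True if the (decoded) value carries Thymeleaf or SpEL expression syntax."""
    return _EXPR_MARKERS.search(fully_decode(value)) is not None


def is_valid_name(name: str) -> bool:
    """Allow-list check to apply in the controller before model.addAttribute()."""
    return _NAME_RE.fullmatch(name) is not None


_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def scan_access_log(lines):
    """Return (ip, path, param, value) for every query parameter that looks like a template probe."""
    hits = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than crash
        url = urlsplit(m.group("target"))
        for param, values in parse_qs(url.query, keep_blank_values=True).items():
            for value in values:  # parse_qs already removed one layer of URL-encoding
                if contains_template_expression(value):
                    hits.append((m.group("ip"), url.path, param, value))
    return hits


# Constructed sample log lines (not real traffic). The second carries the probe
# shown earlier in this post; the third is a double-URL-encoded ${greeting}.
SAMPLE_LOG = [
    '10.0.0.5 - - [15/Apr/2026:10:00:01 +0000] "GET /greet?name=Alice HTTP/1.1" 200 512',
    '10.0.0.9 - - [15/Apr/2026:10:00:02 +0000] "POST /greet?name=__%24%7BT(java.lang.Runtime).exec(%27id%27)%7D__ HTTP/1.1" 200 512',
    '10.0.0.9 - - [15/Apr/2026:10:00:03 +0000] "GET /greet?name=%2524%257Bgreeting%257D HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print("possible SSTI probe:", hit)
```

The allow-list is the real control: rejecting anything that is not a plausible name removes the whole class of expression syntax rather than chasing individual markers. The marker regex is intentionally broad and will flag some legitimate values (for instance a name containing `__`), which is acceptable for a log tripwire but is why it is not used as the validator.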
Impact:
Successful exploitation leads to full remote code execution (RCE) on the host system. An attacker can read, modify, or delete any file accessible to the application process, install backdoors, pivot to internal networks, and compromise the entire server. The vulnerability is particularly dangerous in multi‑tenant environments where multiple applications share the same Thymeleaf engine.
Sources:
Reported By: github.com
Original Article: https://vipentest.com/blog/cve-2026-40478-thymeleaf-ssti-sandbox-escape-rce/