CVE-2026-41901 Overview
CVE-2026-41901 is a sandbox bypass vulnerability in Thymeleaf, a server-side Java template engine for web and standalone environments. Thymeleaf versions prior to 3.1.5.RELEASE fail to properly neutralize specific expression constructs within sandboxed (restricted) contexts. Attackers who control unsanitized variables passed to the template engine can execute arbitrary expressions, achieving Server-Side Template Injection (SSTI). The flaw is tracked under [CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement]. The maintainers fixed the issue in 3.1.5.RELEASE.
Critical Impact
Successful exploitation enables Server-Side Template Injection, leading to remote code execution within the Java application context and full compromise of confidentiality, integrity, and availability.
Affected Products
- Thymeleaf template engine versions prior to 3.1.5.RELEASE
- Java web applications embedding Thymeleaf for server-side rendering
- Spring Boot and standalone Java applications using vulnerable Thymeleaf versions in sandboxed contexts
Discovery Timeline
- 2026-05-12 - CVE-2026-41901 published to NVD
- 2026-05-13 - Last updated in NVD database
Technical Details for CVE-2026-41901
Vulnerability Analysis
Thymeleaf processes template expressions written in its Standard Dialect, evaluating constructs such as ${...}, *{...}, and #{...} at render time. The engine exposes restricted execution modes intended to block dangerous expressions, including those that invoke arbitrary Java methods or access reflective APIs.
This vulnerability stems from incomplete neutralization within those sandboxed contexts. Specific expression constructs slip past the restriction logic, allowing the parser to evaluate expressions the sandbox was designed to block. When an application interpolates attacker-controlled input into a template fragment evaluated in a sandboxed context, the attacker gains expression execution inside the JVM.
The outcome is Server-Side Template Injection, a class of vulnerability that frequently leads to remote code execution in Java template engines through method chaining on exposed objects.
Root Cause
The root cause is improper neutralization of expression-language elements ([CWE-917]). Thymeleaf's sandbox filters expected expression syntax but did not account for certain constructs that evaluate to executable expressions. The fix in 3.1.5.RELEASE extends the neutralization logic to cover these constructs.
Attack Vector
The attack vector is network-based and requires no authentication or user interaction. An attacker submits crafted input through any application entry point whose value is later rendered inside a Thymeleaf sandboxed expression. High attack complexity reflects the conditions required: the target application must pass unsanitized values into expressions evaluated in a sandboxed context. See the GitHub Security Advisory GHSA-c9ph-gxww-7744 for technical details on the bypassing constructs.
Detection Methods for CVE-2026-41901
Indicators of Compromise
- Unexpected child processes spawned by the Java application process, particularly shell interpreters such as sh, bash, or cmd.exe
- Outbound network connections from the application server to unfamiliar hosts immediately following template-rendering requests
- HTTP request parameters or body fields containing Thymeleaf expression syntax such as ${, *{, or #{ combined with Java class references
Detection Strategies
- Inspect application dependency manifests (pom.xml, build.gradle) for Thymeleaf versions earlier than 3.1.5.RELEASE
- Review template source files for sandboxed contexts that interpolate user-supplied variables without prior sanitization
- Apply web application firewall rules that flag request payloads containing Thymeleaf expression delimiters paired with Java reflection identifiers
Monitoring Recommendations
- Enable verbose logging on Thymeleaf expression evaluation and alert on parse failures originating from user-controlled fields
- Monitor JVM process behavior for anomalous child process creation and unexpected class loading
- Correlate web access logs with endpoint telemetry to identify request patterns preceding suspicious application server activity
How to Mitigate CVE-2026-41901
Immediate Actions Required
- Upgrade Thymeleaf to 3.1.5.RELEASE or later across all applications and rebuild affected services
- Audit application code paths that pass user-controlled values into template variables used in sandboxed contexts
- Apply input validation and output encoding to any data flowing into Thymeleaf expressions until the upgrade is deployed
Patch Information
The maintainers fixed the vulnerability in Thymeleaf 3.1.5.RELEASE. Update the dependency declaration in pom.xml or build.gradle and redeploy. Refer to the GitHub Security Advisory GHSA-c9ph-gxww-7744 for full remediation guidance.
Workarounds
- Strip or reject expression delimiters such as ${, *{, and #{ from user input before it reaches template rendering
- Avoid placing user-controlled data into expression positions; restrict untrusted input to text-only attributes such as th:text
- Deploy a web application firewall ruleset that blocks Thymeleaf expression syntax in HTTP request parameters
# Maven dependency update example
# Replace the existing Thymeleaf version with the patched release
mvn versions:set-property -Dproperty=thymeleaf.version -DnewVersion=3.1.5.RELEASE
mvn clean package
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
