A vulnerability classified as critical was found in Vmware Spring for GraphQL up to 1.0.6/1.3.8/1.4.5/2.0.3 . This affects an unknown function. The manipulation results in improper access controls. This vulnerability is identified as CVE-2026-41856 . The attack can be executed remotely. There is not any exploit available. Upgrading the affected component is advised.