A vulnerability categorized as problematic has been discovered in Vmware Spring Web Services up to 3.1.8/4.0.18/4.1.3/5.0.1 . This affects an unknown part. The manipulation results in xml external entity reference. This vulnerability is known as CVE-2026-40998 . It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.