A vulnerability was found in Vmware Spring Web Services up to 3.1.8/4.0.18/4.1.3/5.0.1 . It has been rated as critical . Affected by this issue is some unknown functionality. The manipulation leads to server-side request forgery. This vulnerability is traded as CVE-2026-40999 . It is possible to initiate the attack remotely. There is no exploit available. Upgrading the affected component is advised.