A vulnerability was found in Vmware Spring Web Services up to 3.1.8/4.0.18/4.1.3/5.0.1 . It has been declared as critical . Affected by this vulnerability is an unknown functionality. Executing a manipulation can lead to improper authentication. This vulnerability appears as CVE-2026-40995 . The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.