A vulnerability has been found in Vmware Spring Web Services up to 3.1.8/4.0.18/4.1.3/5.0.1 and classified as critical . This affects an unknown function. This manipulation causes insecure default initialization of resource. This vulnerability is registered as CVE-2026-40994 . Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.