Root has patched CVE-2026-22740 in the io.root.org.springframework:spring-webflux package for Root:Maven. Multiple fixed versions available.
{
"source": "Root",
"distro_version": "",
"severity": "MEDIUM",
"distro": "maven"
}[
"6.2.17-root.io.1",
"6.2.17-root.io.2",
"6.1.1-root.io.2",
"6.2.17-root.io.3",
"6.1.1-root.io.3",
"6.1.13-root.io.3"
]
"6.1.13"
"root.io.3"
"https://api.root.io/external/osv/ROOT-APP-MAVEN-CVE-2026-22740.json"
6.0
true