Root has patched CVE-2026-22741 in the io.root.org.springframework:spring-webmvc package for Root:Maven. Multiple fixed versions available.
{
"distro": "maven",
"source": "Root",
"distro_version": "",
"severity": "MEDIUM"
}[
"7.0.6-root.io.1",
"6.2.5-root.io.4",
"6.2.2-root.io.2",
"6.2.17-root.io.2",
"6.1.1-root.io.2",
"5.3.20-root.io.3",
"6.2.17-root.io.3",
"7.0.6-root.io.2",
"6.1.1-root.io.3",
"6.2.5-root.io.5",
"5.3.20-root.io.4",
"6.1.13-root.io.3",
"5.3.23-root.io.4",
"7.0.7-root.io.1"
]
14.0
"root.io.1"
"https://api.root.io/external/osv/ROOT-APP-MAVEN-CVE-2026-22741.json"
"7.0.7"
true
[
"6.2.17-root.io.1",
"6.2.17-root.io.2",
"6.1.1-root.io.2",
"6.2.17-root.io.3",
"6.1.1-root.io.3",
"6.1.13-root.io.3"
]
6.0
"root.io.3"
"https://api.root.io/external/osv/ROOT-APP-MAVEN-CVE-2026-22741.json"
"6.1.13"
true
[
"5.3.20-aikido.3",
"6.2.17-aikido.3",
"7.0.6-aikido.2",
"6.1.1-aikido.3",
"6.2.5-aikido.5",
"5.3.20-aikido.4",
"6.1.13-aikido.3",
"5.3.23-aikido.4",
"7.0.7-aikido.1"
]
""
9.0
"https://api.root.io/external/osv/ROOT-APP-MAVEN-CVE-2026-22741.json"
true
"7.0.7-aikido.1"