Thymeleaf SSTI sandbox bypass — referenced in § 7 explaining out-of-window drop (GHSA published 2026-04-29)

cve · CVE-2026-41901

Coverage timeline

first 2026-05-13 → last 2026-05-13

Briefs

1 distinct

Sources cited

4 hosts

Sections touched

—

Co-occurring entities

no co-occurrence

Story timeline

2026-05-13CTI Daily Brief — 2026-05-13

Source distribution

github.com1 (25%)
securelist.com1 (25%)
techzine.eu1 (25%)
theregister.com1 (25%)

External references

NVD · cve.org · CISA KEV

All cited sources (4)

github.comprimaryinlineGitHub Security Advisory GHSA-c9ph-gxww-7744, 2026-04-29https://github.com/thymeleaf/thymeleaf/security/advisories/GHSA-c9ph-gxww-7744
source profile · cited in 2026-05-13
securelist.cominlineSecurelist (Kaspersky), 2026-05-12https://securelist.com/state-of-ransomware-in-2026/119761/
source profile · cited in 2026-05-13
techzine.euinlineTechzine, 2026-02-16https://www.techzine.eu/news/security/138806/data-breach-at-odido-responsibility-and-compensation-under-discussion/
cited in 2026-05-13
theregister.cominlineThe Register, 2026-02-27https://www.theregister.com/2026/02/27/odido_shinyhunters_leaks/
cited in 2026-05-13

Items in briefs about Thymeleaf SSTI sandbox bypass — referenced in § 7 explaining out-of-window drop (GHSA published 2026-04-29)

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.