CVE-2026-40973 — A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is set to `true` and the attack pe — CVE Database · The Intelligence Room