Low
CVE-2026-44242
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Prior to 4.10.22, the bundleCache is keyed by (Locale, baseName) where th…
Tag: Micronaut Framework
All CVEs associated with "Micronaut Framework". Page 1/1 • 9 CVEs.
About “Micronaut Framework”
A curated feed of “Micronaut Framework”-related CVEs appears below. We currently track 9 CVEs for this tag (all time). In the last 365 days, 4 were published. Average CVSS is 6.5 (all time; 6.5 over 365d), and 56% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-400 - Uncontrolled Resource Consumption, CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop'), CWE-770 - Allocation of Resources Without Limits or Throttling.
In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
Support & lifecycle: micronaut
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | Premier Support | EOL | LTS |
|---|---|---|---|---|---|
| 5 | 5.0.1 | Unavailable | - | ||
| 4 | 4.10.24 | - | |||
| 3 | 3.10.7 | - | |||
| 2 | 2.5.13 | Expired | |||
| 1 | 1.3.7 | Expired |
Maintained Soon (≤ 180 days) Expired
Subscribe lifecycle: RSS (expired) · ICS
Subscribe CVEs: RSS for “Micronaut Framework” · RSS (High+Critical only)
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2026-05-12
High
CVE-2026-44241
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeForma…
2026-03-20
High
CVE-2026-33013
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions prior to both 4.10.16 and 3.10.5 do not correctly handle descend…
High
CVE-2026-33012
Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions 4.7.0 through 4.10.16 used an unbounded ConcurrentHashMap cache…
2024-02-09
Medium
CVE-2024-23639
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled bu…
2023-10-09
Medium
CVE-2023-36820
Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips `aud` cla…
2022-01-18
Medium
CVE-2022-21700
Micronaut is a JVM-based, full stack Java framework designed for building JVM web applications with support for Java, Kotlin and the Groovy language. In affected versions sending an invalid Content T…
2021-07-16
High
CVE-2021-32769
Micronaut is a JVM-based, full stack Java framework designed for building JVM applications. A path traversal vulnerability exists in versions prior to 2.5.9. With a basic configuration, it is possibl…
2020-03-30
Critical
CVE-2020-7611
All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed…