7.5

CVE-2026-22754

Medienbericht

ervlet Path Not Correctly Included in Path Matching of XML Authorization Rules

Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass.This issue affects Spring Security: from 7.0.0 through 7.0.4.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMwareSpring Security Version >= 7.0.0 < 7.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.27% 0.182
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
security@vmware.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization

If a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to bypass authorization protection.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
23.04.2026 10:18
https://spring.io/security/cve-2026-22754
Vendor Advisory
Mitigation
https://access.redhat.com/security/cve/CVE-2026-22754
https://bugzilla.redhat.com/show_bug.cgi?id=2460489
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22754.json