CVE-2026-47838
- EPSS 0.12%
- Veröffentlicht 09.06.2026 23:50:07
- Zuletzt bearbeitet 30.06.2026 22:16:56
SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating anothe...
CVE-2026-41706
- EPSS 0.21%
- Veröffentlicht 09.06.2026 23:47:58
- Zuletzt bearbeitet 27.06.2026 22:16:47
Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full...
CVE-2026-41694
- EPSS 0.14%
- Veröffentlicht 09.06.2026 23:47:17
- Zuletzt bearbeitet 27.06.2026 22:16:46
Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption ora...
CVE-2026-41008
- EPSS 0.17%
- Veröffentlicht 09.06.2026 23:47:07
- Zuletzt bearbeitet 27.06.2026 22:16:46
Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an invalid request_uri and an arbitrary, unvalidated redir...
CVE-2026-41003
- EPSS 0.2%
- Veröffentlicht 09.06.2026 23:46:53
- Zuletzt bearbeitet 27.06.2026 22:16:46
An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.1...
CVE-2026-40993
- EPSS 0.2%
- Veröffentlicht 09.06.2026 23:46:39
- Zuletzt bearbeitet 27.06.2026 22:16:46
An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the columns containing the collection of verification or e...
CVE-2026-40988
- EPSS 0.33%
- Veröffentlicht 09.06.2026 23:46:15
- Zuletzt bearbeitet 27.06.2026 22:16:45
An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected ...
CVE-2026-22754
- EPSS 0.27%
- Veröffentlicht 22.04.2026 05:32:48
- Zuletzt bearbeitet 30.06.2026 03:17:27
Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then the servlet path is not included and the related au...
CVE-2026-22753
- EPSS 0.25%
- Veröffentlicht 22.04.2026 05:20:31
- Zuletzt bearbeitet 24.04.2026 14:17:02
Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components w...
CVE-2026-22748
- EPSS 0.2%
- Veröffentlicht 22.04.2026 05:15:03
- Zuletzt bearbeitet 24.04.2026 14:18:17
Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator<Jwt> separately, for example by calling setJwtValidator.This issue affe...