EUVD-2026-13347

🗓️ 20 Mar 2026 00:31:28Reported by EUVDType

HTTP response headers may not be written in Spring Security servlet applications across specified version ranges.

Reporter	Title	Published	Views	Family All 58
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in Spring	27 Apr 202609:03	–	ibm
IBM Security Bulletins	Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring	31 Mar 202616:55	–	ibm
IBM Security Bulletins	Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.	27 Apr 202607:43	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions	31 Mar 202612:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-security-web (CVE-2026-22732)	4 May 202616:09	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Process Mining 2.1.1	31 Mar 202616:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Operational Decision Manager for April 2026 - Multiple CVEs addressed	29 May 202610:57	–	ibm
IBM Security Bulletins	Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring	31 Mar 202616:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Controller is affected by vulnerabilities	19 May 202615:14	–	ibm
IBM Security Bulletins	Security Bulletin: Remediation of Multiple Spring Vulnerabilities in IBM Library Support for Spring	31 Mar 202616:54	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "f1f221e6-782d-3472-b9c2-4096ed3dc3ec",
        "vendor": {
          "name": "Spring"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "122c7fed-bed8-3a2a-b4f2-dac2d02f7ead",
        "product": {
          "name": "Spring Security"
        },
        "product_version": "5.7.0 ≤5.7.21"
      },
      {
        "id": "31aea1fd-c4d2-3251-bba9-04f6c2466436",
        "product": {
          "name": "Spring Security"
        },
        "product_version": "6.5.0 ≤6.5.8"
      },
      {
        "id": "407cc5c1-0feb-3af4-8cfc-daeec8b993d4",
        "product": {
          "name": "Spring Security"
        },
        "product_version": "6.4.0 ≤6.4.14"
      },
      {
        "id": "5bcd7120-4be9-350d-9eaf-7dbc0ff2873c",
        "product": {
          "name": "Spring Security"
        },
        "product_version": "5.8.0 ≤5.8.23"
      },
      {
        "id": "7900afc7-5983-3c72-a256-5d03aa25b4cf",
        "product": {
          "name": "Spring Security"
        },
        "product_version": "6.3.0 ≤6.3.14"
      },
      {
        "id": "fade78f2-dd9e-31bb-ae5e-763c39d4ad48",
        "product": {
          "name": "Spring Security"
        },
        "product_version": "7.0.0 ≤7.0.3"
      }
    ]
  }
]

Source	Link
spring	www.spring.io/security/cve-2026-22732
nvd	www.nvd.nist.gov/vuln/detail/CVE-2026-22732

20 Mar 2026 00:31Current

5.8Medium risk

Vulners AI Score5.8

CVSS 3.19.1

EPSS0.00028

SSVC