37 matches found
ROOT-APP-MAVEN-CVE-2026-22732 CVE-2026-22732 in io.root.org.springframework.security:spring-security-web - Patched by Root
Root has patched CVE-2026-22732 in the io.root.org.springframework.security:spring-security-web package for Root:Maven. Multiple fixed versions available...
Security Bulletin: IBM Sterling Control Center is affected by vulnerabilities in spring-security-web (CVE-2026-22732)
Summary IBM Sterling Control Center is affected by a vulnerability CVE-2026-22732 reported for spring-security-web-6.4.12.jar. Vulnerability Details CVEID:CVE-2026-22732 DESCRIPTION: When applications specify HTTP response headers for servlet applications using Spring Security, there is the...
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to issues in Spring
Summary There are vulnerabilities in Spring used by IBM Sterling Connect:Direct for Microsoft Windows. IBM Sterling Connect:Direct for Microsoft Windows has addressed the applicable CVEs CVE-2026-22732, CVE-2026-22735, CVE-2026-22737. Vulnerability Details CVEID:CVE-2026-22737 DESCRIPTION: Use of...
Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.
Summary Maximo AI Service uses nltk-3.9.1-py3-none-any.whl, mlflow-3.1.0-py3-none-any.whl, and spring-security-web-6.5.7.jar, which are vulnerable to CVE-2025-14009, CVE-2026-2635, CVE-2026-0848, and CVE-2026-22732. This bulletin contains information regarding how to address the vulnerabilities...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of Spring Security
Summary Due to use of Spring Security, DevOps Test Performance and Rational Performance Tester contain a vulnerability that can potentially result in clickjacking, XSS, and sensitive data exposure via caching. CVE-2026-22732 Vulnerability Details CVEID:CVE-2026-22732 DESCRIPTION: When application...
Exploit for CVE-2026-22732
CVE-2026-22732 Demo Minimal reproduction of CVE-2026-22732...
Use of Cache Containing Sensitive Information
Overview org.springframework.security:spring-security-web is a package within Spring Security that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information in the process of writing HTTP response heade...
be.appify.prefab:prefab-security (>=0.2.0 <=0.7.5), cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3) +786 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=7.0.0-M1 <=7.0.3)
org.springframework.security:spring-security-web MAVEN version =7.0.0-M1, =0.2.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =1.28.1, =7.0.0, =7.1.0 and more Source cves: CVE-2026-22732 Source...
africa.absa:inception-oauth2-resource-server (>=1.0.0 <=1.2.0), ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0) +10162 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=3.2.8.RELEASE <=6.5.8)
org.springframework.security:spring-security-web MAVEN version =3.2.8.RELEASE, =1.0.0, =4.4.0.0, =0.1.8, =0.1.6, =0.1.2, =0.5.0, =cloud-0.1, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515,...
africa.absa:inception-oauth2-resource-server (>=1.0.0 <=1.2.0), ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.0 <=4.6.0.0) +7472 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=3.0.0.RELEASE <=5.7.14)
org.springframework.security:spring-security-web MAVEN version =3.0.0.RELEASE, =1.0.0, =4.4.0.0, =0.1.8, =0.1.6, =0.1.2, =0.5.0, =j8.2.4.0, =j8.2.4.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =0.0.3, =1.1.0.RELEASE, =0.3, =0.6 and more Source cves: CVE-2026-22732 Source advisory: OSV:GHSA-MF92-479X-3373...
br.com.consultdg:database-module (>=1.0.1 <=1.0.10), cn.herodotus.engine:oauth2-authorization-server-autoconfigure (>=3.4.0.0 <=3.4.0.1) +1068 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=6.4.0 <=6.4.13)
org.springframework.security:spring-security-web MAVEN version =6.4.0, =1.0.1, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =3.4.0.0, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.3, =4.11.5 and more Source cves: CVE-2026-22732 Source advisory: OSV:GHSA-MF92-479X-33...
ai.langsa:ccaas-starter (>=0.1 <=cloud-0.3), ai.langsa:pom-ccaas-langsa (=0.1) +2592 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=6.0.0 <=6.3.10)
org.springframework.security:spring-security-web MAVEN version =6.0.0, =0.1, =0.5.2, =0.5.0, =7.0.0, =1.0.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.31 and more Source cves: CVE-2026-22732 Source advisory: OSV:GHSA-MF92-479X-3373...
ai.wavemaker.app.build:wavemaker-app-build-maven-plugin (>=1.0.0-20260516144515 <=1.0.0.ee-20260528111216), ai.wavemaker.app.build:wavemaker-app-build-utils (>=1.0.0-20260516144515 <=1.0.0.ee-20260528111216) +2549 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=6.5.0 <=6.5.8)
org.springframework.security:spring-security-web MAVEN version =6.5.0, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =1.0.0-20260516144515, =0.1.0, =0.1.0, =0.1.0, =2.0.0, =2.0.0,...
be.appify.prefab:prefab-security (>=0.2.0 <=0.7.5), cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3) +783 more potentially affected by CVE-2026-22732 via org.springframework.security:spring-security-web (>=7.0.0 <=7.0.3)
org.springframework.security:spring-security-web MAVEN version =7.0.0, =0.2.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =1.28.1, =7.0.0, =7.1.0 and more Source cves: CVE-2026-22732 Source advisor...
CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...
CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...
CVE-2026-22732
creationtimestamp| type| source ---|---|--- 2026-03-19 18:03:42+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/spring-security-advisory-av26-259 2026-03-19 23:25:23+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mhh5kxyjyh25 2026-03-20 00:00:55+00:00| seen|...
CVE-2025-22732
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Admiral Ad Blocking Detector ad-blocking-detector allows Stored XSS.This issue affects Ad Blocking Detector: from n/a through = 3.6.0...
CVE-2020-22732
CMS Made Simple CMSMS 2.2.14 allows stored XSS via the Extensions Fie Picker...
GPT Academic Denial of Service Vulnerability (CNVD-2025-22732)
GPT Academic is an interface that provides pragmatic interactions for LLM grand language models such as GPT/GLM. A denial of service vulnerability exists in GPT Academic, which stems from a security issue in the file upload feature that can be exploited by an attacker to cause a denial of service...