11 matches found
Security Bulletin: MongoDB Enterprised Advanced affected by: Authentication Bypass Using an Alternate Path or Channel (CVE-2026-22731, CVE-2026-22733)
Summary There are vulnerabilities in spring-boot-actuator-autoconfigure-3.5.9.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-22731, CVE-2026-22733. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with...
Security Bulletin: DevOps Test Performance contains a vulnerability due to use of Spring Boot
Summary Due to use of Spring Boot, DevOps Test Performance and Rational Performance Tester contain a potential authentication bypass vulnerability. Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass"...
CVE-2026-22733 vulnerabilities
Vulnerabilities for packages: apache-nifi-registry...
ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +719 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-actuator-autoconfigure (>=4.0.0-M1 <=4.0.3)
org.springframework.boot:spring-boot-actuator-autoconfigure MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =3.1.0, =3.3.0 and more Source cves: CVE-2026-22733 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-15701...
ai.ancf.lmos:arc-runner (>=0.1.1 <=0.114.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.6.0) +4737 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-actuator (>=3.0.0 <=3.5.11)
org.springframework.boot:spring-boot-actuator MAVEN version =3.0.0, =0.1.1, =0.0.4, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.0, =1.0.0, =cloud-0.1, =0.1.0, =0.0.1, =0.0.2 and more Source cves: CVE-2026-22733 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-15701836...
ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +778 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-actuator (>=4.0.0-M1 <=4.0.3)
org.springframework.boot:spring-boot-actuator MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =3.1.0, =3.3.0 and more Source cves: CVE-2026-22733 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKBOOT-15701836...
ch.admin.bit.jeap.jme:jme-spring-boot-integration-test-it (>=1.0.0 <=1.0.1), ch.admin.bit.jeap:jeap-archrepo-instance (>=4.17.0 <=4.22.0) +1074 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-starter-actuator (>=3.5.0 <=3.5.11)
org.springframework.boot:spring-boot-starter-actuator MAVEN version =3.5.0, =1.0.0, =4.17.0, =4.17.0, =4.17.0, =3.14.0, =3.14.0, =3.14.0, =0.0.1, =0.0.13, =0.0.1, =0.0.1, =2.43.0, =4.14.0, =4.14.0, =4.14.0, =4.18.0 and more Source cves: CVE-2026-22733 Source advisory: OSV:GHSA-MGVC-8Q2H-5PGC...
ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +687 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-starter-actuator (>=4.0.0-M1 <=4.0.3)
org.springframework.boot:spring-boot-starter-actuator MAVEN version =4.0.0-M1, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =3.1.0, =3.3.0 and more Source cves: CVE-2026-22733 Source advisory: OSV:GHSA-MGVC-8Q2H-5PGC...
ai.foremast.metrics:foremast-spring-boot-15x-starter (>=0.1.8 <=0.1.12), ai.foremast.metrics:foremast-spring-boot-1x-k8s-metrics-starter (>=0.1.6 <=0.1.7) +7663 more potentially affected by CVE-2026-22733 via org.springframework.boot:spring-boot-starter-actuator (>=1.0.0.RELEASE <=2.7.18)
org.springframework.boot:spring-boot-starter-actuator MAVEN version =1.0.0.RELEASE, =0.1.8, =0.1.6, =0.1.2, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =j8.2.2.0, =j8.2.2.0, =j8.2.2.0, =j8.2.2.0, =j8.2.2.0, =j11.2.6.2 and more Source cves: CVE-2026-22733 Source advisory:...
CVE-2026-22733
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from...
CVE-2026-22733
Summary of CVE-2026-22733 : Affected are Spring Boot applications using Actuator with a misconfigured endpoint under the CloudFoundry Actuator path. The issue is described as an Authentication Bypass in several Spring Security versions (2.7.0–2.7.31, 3.3.0–3.3.17, 3.4.0–3.4.14, 3.5.0–3.5.11, 4.0....