5 matches found
CVE-2026-22747 vulnerabilities
Vulnerabilities for packages: camunda-zeebe, apache-nifi, apache-nifi-registry...
CVE-2026-22747
A flaw was found in Spring Security. This vulnerability allows a remote attacker to impersonate another user. The SubjectX500PrincipalExtractor component incorrectly handles certain malformed X.509 certificate Common Name CN values, which can lead to the system reading an incorrect username. By...
CVE-2026-22747
creationtimestamp| type| source ---|---|--- 2026-04-22 08:49:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk34ilz6jn2i 2026-04-22 12:45:24+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mk3jnvyvfq2h 2026-04-28 14:00:04+00:00| published-proof-of-concept|...
CVE-2026-22747
Summary : CVE-2026-22747 affects Spring Security 7.0.0–7.0.4. The issue is in SubjectX500PrincipalExtractor’s handling of certain malformed X.509 certificate CN values, which can cause the system to read the wrong username value and potentially allow attacker impersonation of another user. The co...
CVE-2026-22747
Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user...