Lucene search
K

5 matches found

Chainguard
Chainguard
added 2026/04/30 7:17 p.m.6 views

CVE-2026-22747 vulnerabilities

Vulnerabilities for packages: camunda-zeebe, apache-nifi, apache-nifi-registry...

8.1CVSS5.9AI score0.00296EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/27 12:53 p.m.5 views

CVE-2026-22747

A flaw was found in Spring Security. This vulnerability allows a remote attacker to impersonate another user. The SubjectX500PrincipalExtractor component incorrectly handles certain malformed X.509 certificate Common Name CN values, which can lead to the system reading an incorrect username. By...

8.1CVSS5.5AI score0.00296EPSS
Exploits0References4
Circl
Circl
added 2026/04/22 8:49 a.m.5 views

CVE-2026-22747

creationtimestamp| type| source ---|---|--- 2026-04-22 08:49:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk34ilz6jn2i 2026-04-22 12:45:24+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mk3jnvyvfq2h 2026-04-28 14:00:04+00:00| published-proof-of-concept|...

8.1CVSS4.8AI score0.00296EPSS
Exploits0References3
CVE
CVE
added 2026/04/22 5:8 a.m.42 views

CVE-2026-22747

Summary : CVE-2026-22747 affects Spring Security 7.0.0–7.0.4. The issue is in SubjectX500PrincipalExtractor’s handling of certain malformed X.509 certificate CN values, which can cause the system to read the wrong username value and potentially allow attacker impersonation of another user. The co...

8.1CVSS5.8AI score0.00296EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2026/04/22 12:0 a.m.6 views

CVE-2026-22747

Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user...

8.1CVSS5.8AI score0.00296EPSS
Exploits0References1
Rows per page
Query Builder