CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

8 matches found

Veracode•added 2026/04/30 7:25 a.m.•3 views

Improper Authentication

org.springframework.security:spring-security-oauth2-jose is vulnerable to Improper Authentication. The vulnerability is due to missing configuration of a JWT validator when using NimbusJwtDecoder or NimbusReactiveJwtDecoder, which allows an attacker to bypass token validation with crafted JWTs...

6.5CVSS5.2AI score0.00075EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/04/25 10:49 a.m.•3 views

CVE-2026-22748

A flaw was found in Spring Security. When an application is configured to decode JSON Web Tokens JWTs using NimbusJwtDecoder or NimbusReactiveJwtDecoder, it may not properly validate these tokens if an OAuth2TokenValidator is not explicitly configured. This oversight could allow an attacker with...

6.5CVSS5.3AI score0.00075EPSS

Exploits0References4

Github Security Blog•added 2026/04/22 6:30 a.m.•4 views

Spring Security has Potential Security Misconfiguration when Using withIssuerLocation

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator. This issue affects Spring Security: from 6.3.0 through 6.3.14, from...

6.5CVSS5.1AI score0.00075EPSS

Exploits0References3Affected Software1

NVD•added 2026/04/22 6:16 a.m.•1 views

CVE-2026-22748

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, from...

6.5CVSS0.00075EPSS

Exploits0References1

Vulnrichment•added 2026/04/22 5:15 a.m.•1 views

CVE-2026-22748 Potential Security Misconfiguration when Using withIssuerLocation

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, from...

5.3CVSS5.7AI score0.00075EPSS

Exploits0References1

CVE•added 2026/04/22 5:15 a.m.•7 views

CVE-2026-22748

CVE-2026-22748 affects Spring Security when JWT decoding uses NimbusJwtDecoder or NimbusReactiveJwtDecoder and an OAuth2TokenValidator is not configured separately (e.g., via setJwtValidator). Impact is that the issue can affect authentication integrity (I) with MEDIUM overall severity (CVSS v3.1...

6.5CVSS5.7AI score0.00075EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/04/22 5:15 a.m.•24 views

CVE-2026-22748 Potential Security Misconfiguration when Using withIssuerLocation

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, from...

5.3CVSS0.00075EPSS

Exploits0References1

Positive Technologies•added 2026/04/22 12:0 a.m.•1 views

PT-2026-34252

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, from...

5.3CVSS5.7AI score0.00075EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by