CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

41 matches found

Veracode•added 2026/04/29 11:31 a.m.•4 views

Authorization Bypass

spring-security-config is vulnerable to Authorization Bypass. The vulnerability is due to incorrect handling of the servlet-path attribute in , where the servlet path is not included when computing the path matcher, causing defined authorization rules to be skipped and allowing unauthorized acces...

7.5CVSS5.1AI score0.00055EPSS

Exploits0References2Affected Software1

RedhatCVE•added 2026/04/27 12:48 p.m.•1 views

CVE-2026-22754

A flaw was found in Spring Security. When an application uses to define authorization rules, the servlet path may not be correctly included in the path matcher. This oversight can lead to an authorization bypass, allowing a remote attacker to access protected resources without proper authenticati...

7.5CVSS5.4AI score0.00055EPSS

Exploits0References4

Snyk•added 2026/04/22 12:26 p.m.•1 views

Access Control Bypass

Overview org.springframework.security:spring-security-config is a security configuration package for Spring Framework. Affected versions of this package are vulnerable to Access Control Bypass in the securityMatchers component when a PathPatternRequestMatcher.Builder bean is used to prepend a...

8.7CVSS5.5AI score0.00063EPSS

Exploits0References2

Snyk•added 2026/04/22 12:24 p.m.•1 views

Access Control Bypass

Overview org.springframework.security:spring-security-config is a security configuration package for Spring Framework. Affected versions of this package are vulnerable to Access Control Bypass in the XML authorization rules processing when the servlet-path attribute is used. An attacker can gain...

8.7CVSS5.4AI score0.00055EPSS

Exploits0References2

EUVD•added 2026/04/22 6:30 a.m.•2 views

EUVD-2026-24612

Vulnerability in Spring Spring Security. If an application uses to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass.This issue affects Spring Security: from...

7.5CVSS5.8AI score0.00055EPSS

Exploits0References2

OSV•added 2026/04/22 6:30 a.m.•1 views

GHSA-4VRC-J85C-598C Spring Security Doesn't Correctly Include Servlet Path in Path Matching of XML Authorization Rules

7.5CVSS5.8AI score0.00055EPSS

Exploits0References3

Github Security Blog•added 2026/04/22 6:30 a.m.•2 views

Spring Security Doesn't Correctly Include Servlet Path in Path Matching of XML Authorization Rules

7.5CVSS5.2AI score0.00055EPSS

Exploits0References3Affected Software1

OSV•added 2026/04/22 6:30 a.m.•0 views

GHSA-4WRG-8WPC-H923 Spring Security Doesn't Correctly Include Servlet Path in Path Matching of HttpSecurity#securityMatchers

Vulnerability in Spring Spring Security. If an application is using securityMatchersString and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the...

7.5CVSS5.8AI score0.00063EPSS

Exploits0References3

Github Security Blog•added 2026/04/22 6:30 a.m.•3 views

Spring Security Doesn't Correctly Include Servlet Path in Path Matching of HttpSecurity#securityMatchers

7.5CVSS5.2AI score0.00063EPSS

Exploits0References3Affected Software1

NVD•added 2026/04/22 6:16 a.m.•3 views

CVE-2026-22753

7.5CVSS0.00063EPSS

Exploits0References1

NVD•added 2026/04/22 6:16 a.m.•2 views

CVE-2026-22754

7.5CVSS0.00055EPSS

Exploits0References1

Vulnrichment•added 2026/04/22 5:32 a.m.•2 views

CVE-2026-22754 ervlet Path Not Correctly Included in Path Matching of XML Authorization Rules

7.5CVSS5.8AI score0.00055EPSS

Exploits0References1

CVE•added 2026/04/22 5:32 a.m.•13 views

CVE-2026-22754

CVE-2026-22754 affects Spring Security 7.0.0–7.0.4. When an application uses to define the servlet path for a path matcher, the servlet path is not included and related authorization rules may not be exercised, potentially allowing an authorization bypass. The description provides the vulnerabil...

7.5CVSS5.8AI score0.00055EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/04/22 5:32 a.m.•2 views

CVE-2026-22754

7.5CVSS5.8AI score0.00055EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/04/22 5:32 a.m.•25 views

CVE-2026-22754 ervlet Path Not Correctly Included in Path Matching of XML Authorization Rules

7.5CVSS0.00055EPSS

Exploits0References1

CVE•added 2026/04/22 5:20 a.m.•11 views

CVE-2026-22753

Spring Security CVE-2026-22753 affects versions 7.0.0 to 7.0.4 where using securityMatchers(String) together with a PathPatternRequestMatcher.Builder bean to prepend a servlet path can cause requests to fail matching against the filter chain, potentially rendering authentication, authorization, a...

7.5CVSS5.8AI score0.00063EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/04/22 5:20 a.m.•3 views

CVE-2026-22753

7.5CVSS5.8AI score0.00063EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/04/22 5:20 a.m.•27 views

CVE-2026-22753 Servlet Path Not Correctly Included in Path Matching of HttpSecurity#securityMatchers

7.5CVSS0.00063EPSS

Exploits0References1

Vulnrichment•added 2026/04/22 5:20 a.m.•1 views

CVE-2026-22753 Servlet Path Not Correctly Included in Path Matching of HttpSecurity#securityMatchers

7.5CVSS5.8AI score0.00063EPSS

Exploits0References1

Positive Technologies•added 2026/04/22 12:0 a.m.•1 views

PT-2026-34254

Name of the Vulnerable Software and Affected Versions Spring Security versions 7.0.0 through 7.0.4 Description An issue exists where the servlet path is not included when computing a path matcher if an application uses '' to define the servlet path. Consequently, the related authorization rules a...

7.5CVSS5.2AI score0.00055EPSS

Exploits0References7

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by