1123 matches found
CVE-2026-22733 Authentication Bypass under Actuator CloudFoundry endpoints
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from...
CVE-2026-22733 Authentication Bypass under Actuator CloudFoundry endpoints
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from...
CVE-2026-22732
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...
CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...
CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...
CVE-2026-22732
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...
CVE-2026-22732
CVE-2026-22732 affects Spring Security; multiple non-legacy branches are impacted where HTTP response headers for servlet applications may not be written. Affected versions include 5.7.0–5.7.21, 5.8.0–5.8.23, 6.3.0–6.3.14, 6.4.0–6.4.14, 6.5.0–6.5.8, and 7.0.0–7.0.3. The description indicates a he...
CVE-2026-22733
creationtimestamp| type| source ---|---|--- 2026-03-19 18:03:42+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/spring-security-advisory-av26-259 2026-03-21 03:00:03+00:00| seen| https://spring.io/security/cve-2026-22733 2026-03-21 03:34:16+00:00| seen|...
Spring Security 安全漏洞
Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. There is a security vulnerability in Spring Security, which occurs when using Spring Security to specify HTTP response headers for servlet applications, and the HTTP...
PT-2026-26453
Name of the Vulnerable Software and Affected Versions Spring Security versions 4.0.0 through 4.0.3 Spring Security versions 3.5.0 through 3.5.11 Spring Security versions 3.4.0 through 3.4.14 Spring Security versions 3.3.0 through 3.3.17 Spring Security versions 2.7.0 through 2.7.31 Description...
PT-2026-26435
Name of the Vulnerable Software and Affected Versions Spring Security versions 5.7.0 through 5.7.21 Spring Security versions 5.8.0 through 5.8.23 Spring Security versions 6.3.0 through 6.3.14 Spring Security versions 6.4.0 through 6.4.14 Spring Security versions 6.5.0 through 6.5.8 Spring Securit...
EUVD-2026-10499
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
Vaadin Vulnerable to Authentication Bypass When Accessing the /VAADIN Endpoint Without a Trailing Slash
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
EUVD-2026-10498
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
GHSA-RJGH-WGC7-M37J Vaadin Vulnerable to Authentication Bypass When Accessing the /VAADIN Endpoint Without a Trailing Slash
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
CVE-2026-2742
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
CVE-2026-2742
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
CVE-2026-2742
Summary of CVE-2026-2742 : Vaadin flow-server contains an authentication bypass via the /VAADIN endpoint when accessed without a trailing slash, allowing unauthenticated users to trigger framework initialization and create sessions. Affected products/versions include Vaadin 14.0.0–14.14.0, 23.0.0...
CVE-2026-2742 Unauthorized session creation via reserved framework path access
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...
CVE-2026-2742
An authentication bypass vulnerability exists in Vaadin 14.0.0 through 14.14.0, 23.0.0 through 23.6.6, 24.0.0 through 24.9.7 and 25.0.0 through 25.0.1, applications using Spring Security due to inconsistent path pattern matching of reserved framework paths. Accessing the /VAADIN endpoint without ...