1123 matches found
CLEANSTART-2026-GN46454 When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written
Multiple security vulnerabilities affect the apache-nifi package. When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. See references for individual vulnerability details...
Improper Access Control
Spring Security is vulnerable to Improper Access Control. The vulnerability is due to incorrect request matching when using securityMatchersString with a PathPatternRequestMatcher.Builder that prepends a servlet path, causing requests to bypass the intended filter chain and leaving authentication...
Certificate Impersonation
spring-security-web is vulnerable to certificate impersonation. The vulnerability is due to improper parsing of malformed X.509 certificate CN values in SubjectX500PrincipalExtractor, which can result in extracting an incorrect username and allow attackers to impersonate another user...
Authorization Bypass
spring-security-config is vulnerable to Authorization Bypass. The vulnerability is due to incorrect handling of the servlet-path attribute in , where the servlet path is not included when computing the path matcher, causing defined authorization rules to be skipped and allowing unauthorized acces...
Time-of-check Time-of-use
Spring Security is vulnerable to a Time-of-check Time-of-use race condition. The vulnerability is due to a Time-of-Check Time-of-Use TOCTOU issue in JdbcOneTimeTokenService, where token validation and usage are not performed atomically, allowing attackers to reuse or race token consumption and...
CVE-2026-22747
A flaw was found in Spring Security. This vulnerability allows a remote attacker to impersonate another user. The SubjectX500PrincipalExtractor component incorrectly handles certain malformed X.509 certificate Common Name CN values, which can lead to the system reading an incorrect username. By...
CVE-2026-22754
A flaw was found in Spring Security. When an application uses to define authorization rules, the servlet path may not be correctly included in the path matcher. This oversight can lead to an authorization bypass, allowing a remote attacker to access protected resources without proper authenticati...
CVE-2026-40978
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-27 11:57:47+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/spring-security-advisory-av26-397 |
| 2026-04-28 12:17:24+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mkkkritijh27 |
| 2026-04-29 19:07:08+00:00 | seen | ... |
CVE-2026-40967
| creationtimestamp | type | source |
|---|---|---|
| 2026-04-27 11:57:47+00:00 | seen | https://cyber.gc.ca/en/alerts-advisories/spring-security-advisory-av26-397 |
| 2026-04-28 05:17:59+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3mkjthfhfzr2u |
| 2026-04-28 12:15:14+00:00 | seen | ... |
Security Bulletin: Maximo AI Service uses multiple third party dependencies which is vulnerable to multiple CVEs.
Summary Maximo AI Service uses nltk-3.9.1-py3-none-any.whl, mlflow-3.1.0-py3-none-any.whl, and spring-security-web-6.5.7.jar, which are vulnerable to CVE-2025-14009, CVE-2026-2635, CVE-2026-0848, and CVE-2026-22732. This bulletin contains information regarding how to address the vulnerabilities...
CVE-2026-22748
A flaw was found in Spring Security. When an application is configured to decode JSON Web Tokens JWTs using NimbusJwtDecoder or NimbusReactiveJwtDecoder, it may not properly validate these tokens if an OAuth2TokenValidator is not explicitly configured. This oversight could allow an attacker with...
CVE-2026-22753
A flaw was found in Spring Security. When an application uses specific configurations involving securityMatchersString and PathPatternRequestMatcher.Builder to handle servlet paths, the intended security controls may not be applied. This can result in a security bypass, where authentication and...
CVE-2026-22746
A flaw was found in Spring Security. If an application uses the UserDetails isEnabled, isAccountNonExpired, or isAccountNonLocked user attributes, an attacker can bypass the DaoAuthenticationProvider's timing attack defense. This bypass allows an attacker to potentially gain limited information...
CVE-2026-22751
A flaw was found in Spring Security, specifically in applications configured for One-Time Token login using JdbcOneTimeTokenService. This vulnerability is due to a Time-of-check Time-of-use TOCTOU race condition. A remote attacker with high attack complexity could exploit this flaw to achieve low...
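The two entries above (the "Time-of-check Time-of-use" summary and CVE-2026-22751) describe the same defect: the token is validated in one step and marked used in another, so two requests presenting the same token can both pass the check before either consumes it. The class below is an added example of the pattern that closes that window, written for this page and not taken from Spring Security's own JdbcOneTimeTokenService: the decision to accept a token is made by the row count of a single conditional DELETE, which the database executes atomically, so at most one concurrent caller can ever see one row deleted. The table name ott_tokens, its columns, and the fixed five-minute lifetime are assumptions for the example.

```java
import java.sql.Timestamp;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.util.List;
import java.util.UUID;

import javax.sql.DataSource;

import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.authentication.ott.DefaultOneTimeToken;
import org.springframework.security.authentication.ott.GenerateOneTimeTokenRequest;
import org.springframework.security.authentication.ott.OneTimeToken;
import org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken;
import org.springframework.security.authentication.ott.OneTimeTokenService;

/**
 * Added example (not Spring Security's implementation): a OneTimeTokenService whose
 * consume() cannot be raced. Assumed schema:
 *   CREATE TABLE ott_tokens (token_value VARCHAR(64) PRIMARY KEY,
 *                            username VARCHAR(255) NOT NULL,
 *                            expires_at TIMESTAMP NOT NULL);
 */
public final class AtomicJdbcOneTimeTokenService implements OneTimeTokenService {

    // Assumed token lifetime for this example.
    private static final Duration TOKEN_LIFETIME = Duration.ofMinutes(5);

    private final JdbcTemplate jdbc;
    private final Clock clock;

    public AtomicJdbcOneTimeTokenService(DataSource dataSource, Clock clock) {
        this.jdbc = new JdbcTemplate(dataSource);
        this.clock = clock;
    }

    @Override
    public OneTimeToken generate(GenerateOneTimeTokenRequest request) {
        String value = UUID.randomUUID().toString();
        Instant expiresAt = this.clock.instant().plus(TOKEN_LIFETIME);
        this.jdbc.update(
                "INSERT INTO ott_tokens (token_value, username, expires_at) VALUES (?, ?, ?)",
                value, request.getUsername(), Timestamp.from(expiresAt));
        return new DefaultOneTimeToken(value, request.getUsername(), expiresAt);
    }

    @Override
    public OneTimeToken consume(OneTimeTokenAuthenticationToken authenticationToken) {
        String value = authenticationToken.getTokenValue();
        Instant now = this.clock.instant();

        // This read only recovers the username and expiry for the return value.
        // It decides nothing: two racing callers may both see the row here.
        List<OneTimeToken> found = this.jdbc.query(
                "SELECT token_value, username, expires_at FROM ott_tokens WHERE token_value = ?",
                (rs, rowNum) -> new DefaultOneTimeToken(
                        rs.getString(1), rs.getString(2), rs.getTimestamp(3).toInstant()),
                value);
        if (found.isEmpty()) {
            return null; // unknown or already consumed token
        }

        // Check and use in one statement: the expiry test is part of the DELETE's
        // predicate, and the database guarantees exactly one caller gets deleted == 1.
        int deleted = this.jdbc.update(
                "DELETE FROM ott_tokens WHERE token_value = ? AND expires_at > ?",
                value, Timestamp.from(now));
        return (deleted == 1) ? found.get(0) : null;
    }
}
```

The contrast with the vulnerable shape is the ordering: a SELECT that validates expiry followed by an unconditional DELETE (or UPDATE ... SET used = true) lets every request that passed the SELECT succeed. Here a caller whose DELETE affects zero rows is treated as having presented an invalid token, regardless of what the preceding SELECT showed.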
be.appify.prefab:prefab-security (>=0.2.0 <=0.7.5), ch.admin.bit.jeap:jeap-audit-command-builder (>=7.0.0-alpha-springboot4 <=7.1.0-alpha-springboot4) +304 more potentially affected by CVE-2026-22748 via org.springframework.security:spring-security-oauth2-jose (>=7.0.0-M1 <=7.0.4)
org.springframework.security:spring-security-oauth2-jose MAVEN version =7.0.0-M1, =0.2.0, =7.0.0-alpha-springboot4, =2.0.0-alpha-springboot4, =5.0.0-alpha-springboot4, =9.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4,...
app.valuationcontrol:library (>=0.5.2 <=0.5.5), app.valuationcontrol:webservice (>=0.5.0 <=0.5.1) +981 more potentially affected by CVE-2026-22748 via org.springframework.security:spring-security-oauth2-jose (>=6.0.0 <=6.5.1)
org.springframework.security:spring-security-oauth2-jose MAVEN version =6.0.0, =0.5.2, =0.5.0, =7.0.0, =1.0.0, =1.10.0, =1.10.0, =1.10.0, =1.0.0, =1.55.1, =1.55.1, =3.1.0, =3.1.0, =8.4.0, =1.0.0, =17.16.0, =17.39.3 and more Source cves: CVE-2026-22748 Source advisory:...
be.appify.prefab:prefab-security (>=0.2.0 <=0.7.5), ch.admin.bit.jeap:jeap-audit-command-builder (>=7.0.0-alpha-springboot4 <=7.1.0-alpha-springboot4) +822 more potentially affected by CVE-2026-22753 via org.springframework.security:spring-security-config (>=7.0.0-M1 <=7.0.4)
org.springframework.security:spring-security-config MAVEN version =7.0.0-M1, =0.2.0, =7.0.0-alpha-springboot4, =2.0.0-alpha-springboot4, =5.0.0-alpha-springboot4, =9.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4,...
Insufficient Verification of Data Authenticity
Overview org.springframework.security:spring-security-oauth2-jose provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the withIssuerLocation component. An attacker can bypass intended...
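Both the CVE-2026-22748 entry and the Snyk overview above point at the same configuration gap: a NimbusJwtDecoder built from withIssuerLocation whose caller relied on whatever default validation it got instead of setting an OAuth2TokenValidator. The configuration below is an added example written for this page, not code from Spring Security, showing the explicit form a resource server should use regardless of version: the decoder's validator is replaced with a DelegatingOAuth2TokenValidator that chains the default timestamp and issuer checks with an audience check, so acceptance never depends on an implicit default. The issuer URL and audience value are assumptions.

```java
import java.util.List;

import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

/**
 * Added example: build the decoder with an explicitly configured validator chain
 * rather than relying on the defaults attached by withIssuerLocation.
 */
public final class ExplicitJwtValidation {

    // Assumed values for the example; use your authorization server and API identifier.
    static final String ISSUER = "https://issuer.example.com/realms/demo";
    static final String EXPECTED_AUDIENCE = "orders-api";

    /** Rejects any token whose "aud" claim does not list this resource server. */
    static OAuth2TokenValidator<Jwt> audienceValidator() {
        return new JwtClaimValidator<List<String>>("aud",
                aud -> aud != null && aud.contains(EXPECTED_AUDIENCE));
    }

    public static JwtDecoder jwtDecoder() {
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withIssuerLocation(ISSUER).build();

        // createDefaultWithIssuer supplies the exp/nbf timestamp validator and an
        // issuer validator; the audience validator is added on top. setJwtValidator
        // replaces whatever the builder installed, so this chain is the only one
        // consulted when a token is decoded.
        OAuth2TokenValidator<Jwt> defaults = JwtValidators.createDefaultWithIssuer(ISSUER);
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(defaults, audienceValidator()));
        return decoder;
    }
}
```

Wire it in with `.oauth2ResourceServer(rs -> rs.jwt(jwt -> jwt.decoder(ExplicitJwtValidation.jwtDecoder())))` on the HttpSecurity builder. A cheap regression check is an integration test that presents a token signed by the trusted key but carrying a different `iss` or a missing `aud` and asserts a 401; that test fails loudly if a future change drops the explicit validator.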
ai.langsa:ccaas-starter (>=cloud-0.1 <=cloud-0.3), ai.langsa:pom-ccaas-langsa (=0.1) +5104 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=6.0.0 <=6.5.1)
org.springframework.security:spring-security-core MAVEN version =6.0.0, =cloud-0.1, =0.5.2, =0.5.0, =0.0.1, =55.v51410e712e0c, =7.0.0, =2.0.0, =1.5.1.RELEASE, =1.0.0, =1.0.0, =1.2.1 and more Source cves: CVE-2026-22746 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKSECURITY-16121176...
be.appify.prefab:prefab-security (>=0.2.0 <=0.7.5), ch.admin.bit.jeap:jeap-audit-command-builder (>=7.0.0-alpha-springboot4 <=7.1.0-alpha-springboot4) +1085 more potentially affected by CVE-2026-22746 via org.springframework.security:spring-security-core (>=7.0.0-M1 <=7.0.4)
org.springframework.security:spring-security-core MAVEN version =7.0.0-M1, =0.2.0, =7.0.0-alpha-springboot4, =2.0.0-alpha-springboot4, =5.0.0-alpha-springboot4, =9.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4, =22.0.0-alpha-springboot4,...