CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...

CVE-2026-22732 Under Some Conditions Spring Security HTTP Headers Are not Written

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...

CVE-2026-22732

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: : from 5.7.0 through 5.7.21, from...

CVE-2026-22732

CVE-2026-22732 affects Spring Security; multiple non-legacy branches are impacted where HTTP response headers for servlet applications may not be written. Affected versions include 5.7.0–5.7.21, 5.8.0–5.8.23, 6.3.0–6.3.14, 6.4.0–6.4.14, 6.5.0–6.5.8, and 7.0.0–7.0.3. The description indicates a he...

CVE-2026-22731

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...

CVE-2026-22731 Authentication Bypass under Actuator Health groups paths

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before...

CVE-2026-22731

CVE-2026-22731 affects Spring Boot applications with Actuator. An endpoint that requires authentication, when declared under a specific path already configured for a Health Group additional path, can allow an authentication bypass. Affected versions include Spring Boot 4.0 before 4.0.3, 3.5 befor...

CVE-2026-22733

creationtimestamp| type| source ---|---|--- 2026-03-19 18:03:42+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/spring-security-advisory-av26-259 2026-03-21 03:00:03+00:00| seen| https://spring.io/security/cve-2026-22733 2026-03-21 03:34:16+00:00| seen|...

VMware Spring Boot 安全漏洞

VMware Spring Boot is an open-source framework developed by VMware, a US-based company. Versions of VMware Spring Boot prior to 4.0.3, 3.5.11, and 3.4.15 contained security vulnerabilities. These vulnerabilities stemmed from applications that required authentication when specific paths were...

ai.platon.pulsar:pulsar-e2e-tests (>=4.5.0 <=4.6.0), ai.platon.pulsar:pulsar-it-tests (>=4.5.0 <=4.6.0) +2568 more potentially affected by CVE-2026-22735 via org.springframework:spring-web (>=7.0.0 <=7.0.5)

org.springframework:spring-web MAVEN version =7.0.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =4.5.0, =2.0.0-beta-1, =0.1.1, =4.7.0, =0.2.0, =0.5.0, =0.7.0, =0.7.5 - be.appify.prefab:prefab-core =0.2.0 - be.appify.prefab:prefab-kafka =0.2.0 and more Source cves: CVE-2026-22735 Source advisory:...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview org.springframework:spring-web is a package that provides a comprehensive programming and configuration model for modern Java-based enterprise applications - on any kind of deployment platform. Affected versions of this package are vulnerable to Improper Neutralization of Special Element...

PT-2026-26454

Name of the Vulnerable Software and Affected Versions Spring Foundation versions 5.3.0 through 5.3.46 Spring Foundation versions 6.1.0 through 6.1.25 Spring Foundation versions 6.2.0 through 6.2.16 Spring Foundation versions 7.0.0 through 7.0.5 Description Spring MVC and WebFlux applications are...

Spring Security 安全漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. There is a security vulnerability in Spring Security, which occurs when using Spring Security to specify HTTP response headers for servlet applications, and the HTTP...

PT-2026-26453

Name of the Vulnerable Software and Affected Versions Spring Security versions 4.0.0 through 4.0.3 Spring Security versions 3.5.0 through 3.5.11 Spring Security versions 3.4.0 through 3.4.14 Spring Security versions 3.3.0 through 3.3.17 Spring Security versions 2.7.0 through 2.7.31 Description...

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:arc-graphql-spring-boot-starter (>=0.1.1 <=0.120.0) +15600 more potentially affected by CVE-2026-22735 via org.springframework:spring-web (>=6.0.0 <=6.2.16)

org.springframework:spring-web MAVEN version =6.0.0, =0.2.0, =0.1.1, =0.1.1, =0.0.4, =0.1.0, =0.1.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.6.0, =0.6.0, =0.5.0, =0.7.0, =0.8.7 and more Source cves: CVE-2026-22735 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-15701755...

acegisecurity:acegi-security (=0.7.0), acegisecurity:acegi-security-cas (=0.7.0) +5 more potentially affected by CVE-2026-22735 via springframework:spring-web (>=1.0.1 <=1.2.1)

springframework:spring-web MAVEN version =1.0.1, =1.0-rc2, =1.0-rc3 Source cves: CVE-2026-22735 Source advisory: SNYK:JAVA-SPRINGFRAMEWORK-15701758...

VMware Spring Foundation 安全漏洞

VMware Spring Foundation is an application development framework provided by the American company VMware, which offers enterprise-level infrastructure support for application development. There are security vulnerabilities in VMware Spring Foundation versions 7.0.5 and earlier, 6.2.16 and earlier...

PT-2026-26455

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.5 Spring Framework versions 6.2.0 through 6.2.16 Spring Framework versions 6.1.0 through 6.1.25 Spring Framework versions 5.3.0 through 5.3.46 Description The use of Java scripting engine enabled...

PT-2026-26429

Name of the Vulnerable Software and Affected Versions Spring Boot versions prior to 4.0.3 Spring Boot versions prior to 3.5.11 Spring Boot versions prior to 3.4.15 Description Spring Boot applications utilizing the Actuator feature may be susceptible to an authentication bypass issue. This occurs...

acegisecurity:acegi-security (=0.7.0), acegisecurity:acegi-security-cas (=0.7.0) +4 more potentially affected by CVE-2026-22735 via springframework:spring-webmvc (>=1.1.3 <=1.2.1)

springframework:spring-webmvc MAVEN version =1.1.3, =1.0-rc2, =1.0-rc3 Source cves: CVE-2026-22735 Source advisory: SNYK:JAVA-SPRINGFRAMEWORK-15701757...