4 matches found
EUVD-2026-35886
An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2assertingpartymetadata may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials verificationcredentials and...
CVE-2026-40993
An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2assertingpartymetadata may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials verificationcredentials and...
CVE-2026-40993
The CVE-2026-40993 issue affects Spring Security 7.0.0–7.0.5. Affected component: JdbcAssertingPartyMetadataRepository (table saml2_asserting_party_metadata). Root cause: unfiltered Java native deserialization of the BLOBs in verification_credentials and encryption_credentials. Impact: an attacke...
PT-2026-48307
Name of the Vulnerable Software and Affected Versions Spring Security versions 7.0.0 through 7.0.5 Description An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2 asserting party metadata can store malicious serialized payloads. This occu...