EUVD-2026-35886

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2assertingpartymetadata may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials verificationcredentials and...

CVE-2026-40993

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2assertingpartymetadata may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials verificationcredentials and...

CVE-2026-40993

The CVE-2026-40993 issue affects Spring Security 7.0.0–7.0.5. Affected component: JdbcAssertingPartyMetadataRepository (table saml2_asserting_party_metadata). Root cause: unfiltered Java native deserialization of the BLOBs in verification_credentials and encryption_credentials. Impact: an attacke...

PT-2026-48307

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2 asserting party metadata may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials verification credentials an...