Security Bulletin: DevOps Test Performance contains a vulnerability due to use of Spring Boot

Summary Due to use of Spring Boot, DevOps Test Performance and Rational Performance Tester contain a potential authentication bypass vulnerability. Vulnerability Details CVEID:CVE-2026-22731 DESCRIPTION: Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass"...

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the Actuator CloudFoundry endpoints. An attacker can gain unauthorized access to protected endpoints by sending requests to application endpoints declared under the CloudFound...

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the Actuator CloudFoundry endpoints. An attacker can gain unauthorized access to protected endpoints by sending requests to application endpoints declared under the CloudFound...

CVE-2026-22733 Authentication Bypass under Actuator CloudFoundry endpoints

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from...

CVE-2026-22733

Summary of CVE-2026-22733 : Affected are Spring Boot applications using Actuator with a misconfigured endpoint under the CloudFoundry Actuator path. The issue is described as an Authentication Bypass in several Spring Security versions (2.7.0–2.7.31, 3.3.0–3.3.17, 3.4.0–3.4.14, 3.5.0–3.5.11, 4.0....

CVE-2026-22733 Authentication Bypass under Actuator CloudFoundry endpoints

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from...

PT-2026-26453

Name of the Vulnerable Software and Affected Versions Spring Security versions 4.0.0 through 4.0.3 Spring Security versions 3.5.0 through 3.5.11 Spring Security versions 3.4.0 through 3.4.14 Spring Security versions 3.3.0 through 3.3.17 Spring Security versions 2.7.0 through 2.7.31 Description...