Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/06/09 11:46 p.m.9 views

CVE-2026-40988 Unbounded DEFLATE Inflation in SAML 2.0 Service Provider

An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected versions: Spring Security 5.7.0 through 5.7.23;...

7.5CVSS5.4AI score0.00331EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 11:46 p.m.37 views

CVE-2026-40988 Unbounded DEFLATE Inflation in SAML 2.0 Service Provider

An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected versions: Spring Security 5.7.0 through 5.7.23;...

7.5CVSS0.00331EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:46 p.m.86 views

CVE-2026-40988

CVE-2026-40988 refers to an issue in the use of the REDIRECT binding for SAML 2.0 Login/Logout with the Spring Security SAML2 Service Provider, where an unbounded writer can inflate the compressed SAML payload in memory, causing a denial of service. The vulnerability affects Spring Security versi...

7.5CVSS5.5AI score0.00331EPSS
Exploits0References1Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/06/09 12:0 a.m.7 views

CVE-2026-40988: Unbounded DEFLATE Inflation in SAML 2.0 Service Provider

An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory...

7.5CVSS5.2AI score0.00331EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder