CVE-2026-40997
The CVE-2026-40997 issue affects Spring Web Services: versions 5.0.0–5.0.1, 4.1.0–4.1.3, 4.0.0–4.0.18, and 3.1.0–3.1.8. The vulnerability arises when several Spring WS integration paths with Spring Security reveal detailed account state (e.g., locked or disabled user semantics) to remote SOAP cli...