30 matches found
CVE-2026-41856
The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all conditions are met, security annotations can be ignored...
CVE-2026-41856
CVE-2026-41856 affects Spring GraphQL’s annotation detection for @Controller data fetchers, where resolution of annotations in type hierarchies may be incorrect. This can lead to security annotations being ignored at runtime when all conditions are met and annotations are used for authorization d...
CVE-2026-41856 Spring GraphQL Annotation Detection Vulnerability
The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all conditions are met, security annotations can be ignored...
CVE-2026-41856 Spring GraphQL Annotation Detection Vulnerability
The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. When all conditions are met, security annotations can be ignored...
VMware Spring for GraphQL 访问控制错误漏洞
VMware Spring for GraphQL is a GraphQL application development framework provided by the American company VMware. Versions of VMware Spring for GraphQL such as 2.0.0 and earlier, 1.4.0 and earlier, 1.3.0 and earlier, as well as 1.0.0 and earlier, have a access control vulnerability. This...
CVE-2026-41856: Spring GraphQL Annotation Detection Vulnerability
The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within type hierarchies. This can be an issue if such annotations are used for authorization decisions. Spring for GraphQL application are vulnerable when all the...
Incorrect Authorization
Overview org.springframework.graphql:spring-graphql is a GraphQL Support for Spring Applications Affected versions of this package are vulnerable to Incorrect Authorization via annotation resolution for @Controller data fetchers in Spring GraphQL. An attacker can bypass authorization checks when...
EUVD-2025-29538
Malicious code in bioql PyPI...
EUVD-2025-15999
Malicious code in bioql PyPI...
EUVD-2025-7998
Malicious code in bioql PyPI...
Spring Security annotation detection mechanism has authorization bypass
The Spring Security annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue when using @PreAuthorize and other method security annotations, resulting in an authorization...
CVE-2025-41249
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...
CVE-2025-41249
The Spring Framework annotation detection mechanism may not correctly resolve annotations on methods within type hierarchies with a parameterized super type with unbounded generics. This can be an issue if such annotations are used for authorization decisions. Your application may be affected by...
Security Bulletin: Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations. This may cause an authorization bypass, which affects IBM watsonx.data
Summary Spring Security 6.4.0 - 6.4.3 may not correctly locate method security annotations on parameterized types or methods. This may cause an authorization bypass. You are not affected if you are not using @EnableMethodSecurity, or you do not have method security annotations on parameterized...
GHSA-9PP5-9C7G-4R83 Spring Security authorization bypass for method security annotations on private methods
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...
Spring Security authorization bypass for method security annotations on private methods
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...
CVE-2025-41232
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...
CVE-2025-41232 CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...
CVE-2025-41232 CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods
Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: You are using @EnableMethodSecuritymode=ASPECTJ and spring-security-aspects, and You have...
PT-2025-22336 · Spring · Spring Security Aspects
Name of the Vulnerable Software and Affected Versions: Spring Security Aspects affected versions not specified Description: The issue concerns Spring Security Aspects not correctly locating method security annotations on private methods, potentially causing an authorization bypass. This can affec...