Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.16 views

CVE-2026-47838

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....

8.1CVSS5.4AI score0.00116EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 11:50 p.m.77 views

CVE-2026-47838

Spring Security CVE-2026-47838 involves the SubjectDnX509PrincipalExtractor and malformed X.509 CN values, causing the extracted username to be read incorrectly and potentially allowing an attacker to impersonate another user. Affected versions include Spring Security 5.7.0–5.7.24; 5.8.0–5.8.26; ...

8.1CVSS5.5AI score0.00116EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/09 11:50 p.m.41 views

CVE-2026-47838 Unauthorized User Impersonation when Using X.509 Client Certificates

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....

6.8CVSS0.00116EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 11:50 p.m.7 views

CVE-2026-47838 Unauthorized User Impersonation when Using X.509 Client Certificates

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7....

6.8CVSS5.4AI score0.00116EPSS
Exploits0References1
Rows per page
Query Builder