2 matches found
Certificate Impersonation
spring-security-web is vulnerable to certificate impersonation. The vulnerability is due to improper parsing of malformed X.509 certificate CN values in SubjectX500PrincipalExtractor, which can result in extracting an incorrect username and allow attackers to impersonate another user...
CVE-2026-22747
A flaw was found in Spring Security. This vulnerability allows a remote attacker to impersonate another user. The SubjectX500PrincipalExtractor component incorrectly handles certain malformed X.509 certificate Common Name CN values, which can lead to the system reading an incorrect username. By...