Vulnerability in Spring Security Affects User Authentication
CVE-2026-22747

6.8 MEDIUM

Key Information:

Vendor: Spring

CVE Published: 22 April 2026

What is CVE-2026-22747?

Spring Security's X.509 (client-certificate) authentication does not correctly process malformed Common Name (CN) values in a presented certificate. An attacker who can present a certificate with a specially crafted CN can have it mapped to another user's identity and be authenticated as that user. The CVSS metrics (Privileges Required: Low, Attack Complexity: High) indicate that the attacker must already hold some level of access, which in a client-certificate deployment typically means a certificate the application trusts, and that exploitation is not straightforward; the impact, however, is full impersonation of the targeted account, with high confidentiality and integrity consequences. Organizations running an affected version of Spring Security with X.509 authentication enabled should assess their exposure and upgrade to a patched release.

Affected Version(s)

Spring Security 7.0.0 through 7.0.4 (inclusive)

References

CVSS v3.1

Score: 6.8
Severity: MEDIUM
Vector (as listed): CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Timeline

  • Vulnerability published: 22 April 2026

  • Vulnerability reserved