Authentication Bypass Vulnerability in Spring Authorization Server
CVE-2026-22752
9.6CRITICAL
What is CVE-2026-22752?
The Spring Authorization Server is vulnerable due to an authentication bypass issue that stems from a primary weakness in Spring Security. This vulnerability may allow unauthorized users to gain access and perform actions without proper authentication under certain conditions. All users utilizing affected versions of Spring Authorization Server must review and remediate to safeguard their systems.
Affected Version(s)
Spring Authorization Server 7.0.0 <= 7.0.4
Spring Authorization Server 1.5.0 <= 1.5.6
Spring Authorization Server 1.4.0 <= 1.4.9
