Authentication Bypass Vulnerability in Spring Authorization Server
CVE-2026-22752

9.6CRITICAL

Key Information:

Vendor
CVE Published:
16 July 2026

What is CVE-2026-22752?

The Spring Authorization Server is vulnerable due to an authentication bypass issue that stems from a primary weakness in Spring Security. This vulnerability may allow unauthorized users to gain access and perform actions without proper authentication under certain conditions. All users utilizing affected versions of Spring Authorization Server must review and remediate to safeguard their systems.

Affected Version(s)

Spring Authorization Server 7.0.0 <= 7.0.4

Spring Authorization Server 1.5.0 <= 1.5.6

Spring Authorization Server 1.4.0 <= 1.4.9

References

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.