Security Vulnerability in Spring Security from Spring Framework
CVE-2026-22753

7.5HIGH

Key Information:

Vendor: Spring
Status: Spring Security
Vendor: CVE Published:; 22 April 2026

What is CVE-2026-22753?

A security vulnerability exists in Spring Security that affects applications utilizing the securityMatchers(String) method and a PathPatternRequestMatcher.Builder bean. When configured improperly, this flaw may prevent matching requests from being processed correctly, leading to potential inactivation of critical authentication and authorization processes. Applications reliant on these security measures may inadvertently expose themselves to various security risks. This issue affects Spring Security versions from 7.0.0 up to 7.0.4, necessitating prompt attention from developers and system administrators.

Affected Version(s)

Spring Security 7.0.0 <= 7.0.4

References

https://spring.io/security/cve-2026-22753

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 22, 2026
Vulnerability Reserved
Jan 9, 2026

CVE-2026-22753 Data

JSON