PT-2026-26453 · Vmware+1 · Spring Security+2

G2H +1 · Published 2026-03-19 · Updated 2026-05-24 · CVE-2026-22733

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Spring Security versions 4.0.0 through 4.0.3
Spring Security versions 3.5.0 through 3.5.11
Spring Security versions 3.4.0 through 3.4.14
Spring Security versions 3.3.0 through 3.3.17
Spring Security versions 2.7.0 through 2.7.31

Description

Spring Boot applications utilizing Actuator may experience an authentication bypass issue when an application endpoint requiring authentication is configured under the path used by CloudFoundry Actuator endpoints. This allows unauthorized access to protected resources.

Recommendations

Spring Security versions 4.0.0 through 4.0.3 should be updated.
Spring Security versions 3.5.0 through 3.5.11 should be updated.
Spring Security versions 3.4.0 through 3.4.14 should be updated.
Spring Security versions 3.3.0 through 3.3.17 should be updated.
Spring Security versions 2.7.0 through 2.7.31 should be updated.

Fix

Authentication Bypass Using an Alternate Path or Channel

Weakness Enumeration

Related identifiers

CVE-2026-22733
GHSA-MGVC-8Q2H-5PGC

Affected products

Cloudfoundry Actuator
Spring Boot
Spring Security