PT-2026-34251 · VMware · Spring Security

Published 2026-04-22 · Updated 2026-04-23 · CVE-2026-22747

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Spring Security versions 7.0.0 through 7.0.4

Description: The SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values. This flaw can cause the system to read the wrong username, allowing an attacker presenting a carefully crafted certificate to impersonate another user.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2026-22747
GHSA-2JRG-RF5X-568G

Affected Products

Spring Security