Known Vulnerabilities for Spring Security by Pivotal Software
Listed below are 8 of the newest known vulnerabilities associated with "Spring Security" by "Pivotal Software".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-47838 json | SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to re... | Not Provided | 2026-06-10 | 2026-06-11 |
| CVE-2026-45609 json | mcp-security provides Security and Authorization support for Model Context Protocol in Spring AI. Prior to 0.1.9, the mcp-sec... | Not Provided | 2026-05-29 | 2026-06-02 |
| CVE-2026-41856 json | The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on meth... | Not Provided | 2026-06-11 | 2026-06-11 |
| CVE-2026-41847 json | Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spri... | Not Provided | 2026-06-09 | 2026-06-09 |
| CVE-2026-41706 json | Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cooki... | Not Provided | 2026-06-10 | 2026-06-10 |
| CVE-2026-41694 json | Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without req... | Not Provided | 2026-06-10 | 2026-06-10 |
| CVE-2026-41008 json | Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. ... | Not Provided | 2026-06-10 | 2026-06-10 |
| CVE-2026-41003 json | An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by... | Not Provided | 2026-06-10 | 2026-06-10 |
| CVE-2026-40997 json | Several Spring WS integration paths with Spring Security could surface detailed account state (for example locked or disabled... | Not Provided | 2026-06-11 | 2026-06-11 |
| CVE-2026-40996 json | Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for valid... | Not Provided | 2026-06-11 | 2026-06-11 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Pivotal Software | Spring Security | 5.3.2 | |||
| Application | Pivotal Software | Spring Security | 5.3.1 | |||
| Application | Pivotal Software | Spring Security | 5.3.0 | |||
| Application | Pivotal Software | Spring Security | 5.2.4 | |||
| Application | Pivotal Software | Spring Security | 5.2.3 | |||
| Application | Pivotal Software | Spring Security | 5.2.2 | |||
| Application | Pivotal Software | Spring Security | 5.2.1 | |||
| Application | Pivotal Software | Spring Security | 5.2.0 | |||
| Application | Pivotal Software | Spring Security | 5.1.9 | |||
| Application | Pivotal Software | Spring Security | 5.1.8 | |||
| Application | Pivotal Software | Spring Security | 5.1.7 | |||
| Application | Pivotal Software | Spring Security | 5.1.6 | |||
| Application | Pivotal Software | Spring Security | 5.1.5 | |||
| Application | Pivotal Software | Spring Security | 5.1.4 | |||
| Application | Pivotal Software | Spring Security | 5.1.3 | |||
| Application | Pivotal Software | Spring Security | 5.1.2 | |||
| Application | Pivotal Software | Spring Security | 5.1.10 | |||
| Application | Pivotal Software | Spring Security | 5.1.1 | |||
| Application | Pivotal Software | Spring Security | 5.1.0 | |||
| Application | Pivotal Software | Spring Security | 5.1.0 |