CVE-2026-22747
Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user.
This issue affects Spring Security: from 7.0.0 through 7.0.4.
This issue affects Spring Security: from 7.0.0 through 7.0.4.
Vendor
-
Product
-
CWE
-
Yayın Tarihi
2026-04-22 06:16:03
Güncelleme
2026-04-22 06:16:03
Source Identifier
security@vmware.com
KEV Date Added
-