CVE-2026-22754 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Vulnerability in Spring Spring Security. If an application uses  to define the servlet path for computing a path matcher, then the servlet path is not included…
High CVSS: 7.5

CVE-2026-22754

Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass.This issue affects Spring Security: from 7.0.0 through 7.0.4.
Vendor
-
Product
-
CWE
-
Yayın Tarihi
2026-04-22 06:16:04
Güncelleme
2026-04-22 06:16:04
Source Identifier
security@vmware.com
KEV Date Added
-

Kategoriler

HIGH 2026

Referanslar

https://spring.io/security/cve-2026-22754