CVE Catalog

CVE-2026-22747

MediumCVSS 6.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.30%

21th percentile - higher than 21% of all known CVEs

Summary

A vulnerability in Spring Security's SubjectX500PrincipalExtractor incorrectly handles malformed CN values in X.509 certificates, potentially reading the wrong username. A crafted certificate could allow an attacker to impersonate another user.

Risk Assessment

The risk is that an attacker can impersonate another user, leading to unauthorized access to system resources and potential data integrity breaches.

Recommendation

Immediately update Spring Security to version 7.0.5 or later, which includes a fix for this vulnerability. Also review X.509 certificate-based authentication configurations.

Original NVD description (English source)

Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. This issue affects Spring Security: from 7.0.0 through 7.0.4.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS