CVE Catalog

CVE-2026-47838

MediumCVSS 6.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

A vulnerability in the SubjectDnX509PrincipalExtractor component of Spring Security allows incorrect handling of malformed CN values in X.509 certificates. This can lead to reading the wrong username and potentially allow an attacker to impersonate another user.

Risk Assessment

The organization is at risk of unauthorized access to systems that rely on X.509 certificate authentication. An attacker can use a specially crafted certificate to impersonate another user and gain unauthorized privileges.

Recommendation

Immediately update Spring Security to version 5.7.25, 5.8.27, 6.3.18, 6.4.18, or 6.5.11 (depending on the branch used). If an update is not possible, consider temporarily disabling X.509 authentication or applying additional certificate validation.

Original NVD description (English source)

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7.0 through 5.7.24; 5.8.0 through 5.8.26; 6.3.0 through 6.3.17; 6.4.0 through 6.4.17; 6.5.0 through 6.5.10.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS