CVE-2026-47838
MediumCVSS 6.8Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
A vulnerability in the SubjectDnX509PrincipalExtractor component of Spring Security allows incorrect handling of malformed CN values in X.509 certificates. This can lead to reading the wrong username and potentially allow an attacker to impersonate another user.
Risk Assessment
The organization is at risk of unauthorized access to systems that rely on X.509 certificate authentication. An attacker can use a specially crafted certificate to impersonate another user and gain unauthorized privileges.
Recommendation
Immediately update Spring Security to version 5.7.25, 5.8.27, 6.3.18, 6.4.18, or 6.5.11 (depending on the branch used). If an update is not possible, consider temporarily disabling X.509 authentication or applying additional certificate validation.
Original NVD description (English source)
SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7.0 through 5.7.24; 5.8.0 through 5.8.26; 6.3.0 through 6.3.17; 6.4.0 through 6.4.17; 6.5.0 through 6.5.10.

