CVE-2026-22747Improper Validation of Certificate with Host Mismatch in Spring Security

CWE-297Improper Validation of Certificate with Host MismatchCWE-295Improper Certificate Validation4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.0%
top 93.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Spring SecurityDevspaces Openvsx-rhel9Devspaces Pluginregistry-rhel9+3 more
Timeline
PublishedApr 22

Description

Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. This issue affects Spring Security: from 7.0.0 through 7.0.4.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.6 | Impact: 5.2

Affected Packages6 packages

CVEListV5spring/spring_security7.0.07.0.4
Red Hatjenkins/jenkins

🔴Vulnerability Details

1
GHSA
GHSA-2jrg-rf5x-568g: Vulnerability in Spring Spring Security2026-04-22

📋Vendor Advisories

1
Red Hat
Spring Security: Spring Security: User impersonation via malformed X.509 certificate Common Name (CN) values2026-04-22

💬Community

1
Bugzilla
CVE-2026-22747 Spring Security: Spring Security: User impersonation via malformed X.509 certificate Common Name (CN) values2026-04-22
CVE-2026-22747 — Spring Security vulnerability | cvebase