CVE-2026-22752

Summary

Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server.

This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10.

Affected Software

VendorProductVersion RangeStatus
Spring SecuritySpring Authorization Server7.0.0 <= 7.0.4affected
Spring SecuritySpring Authorization Server1.5.0 <= 1.5.6affected
Spring SecuritySpring Authorization Server1.4.0 <= 1.4.9affected
Spring SecuritySpring Authorization Server1.3.0 <= 1.3.10affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References