CVE-2026-22747 — Spring Security: From Vulnerability

/MEDIUM /CVSS 6.8/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
National Vulnerability Database vulnerabilitycvemedium-severity
CVE-2026-22747 — Spring Security: From Vulnerability

CVE-2026-22747 — Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating

What This Means For You

  • If your environment is affected by this vulnerability type, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-22747 updates and patches.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1078.004 Abuse Elevation Control Mechanism: Sudo and Sudo Caching Persistence

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1190 Initial Access

CVE-2026-22747 - Spring Security X.509 CN Impersonation Attempt

Sigma YAML — free preview
✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Export via Bot →

Indicators of Compromise

IDTypeIndicator
CVE-2026-22747 vulnerability CVE-2026-22747

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 22, 2026 at 09:16 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

Related Posts

Telerik UI for AJAX RadFilter Vulnerable to RCE via Deserialization

CVE-2026-6023 — In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if...

vulnerabilityCVEhigh-severityremote-code-executioncwe-502
/SCW Vulnerability Desk /HIGH /8.1 /⚑ 1 IOC /⚙ 3 Sigma

Telerik UI Vulnerability Allows Disk Space Exhaustion Attacks

CVE-2026-6022 — In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the...

vulnerabilityCVEhigh-severitycwe-400
/SCW Vulnerability Desk /HIGH /7.5 /⚑ 1 IOC /⚙ 2 Sigma

Microsoft Rushes Patches for Critical ASP.NET Core Privilege Escalation Flaw

Microsoft has issued out-of-band updates to address a critical privilege escalation vulnerability (CVE-2026-40372) in ASP.NET Core's Data Protection APIs. BleepingComputer reports that unauthenticated attackers could...

threat-inteldata-breachmalwarevulnerabilitymicrosofttools
/SCW Vulnerability Desk /HIGH /⚑ 1 IOC /⚙ 3 Sigma