Spring Security Authorization Bypass: High Severity Vulnerability
The National Vulnerability Database has published CVE-2026-22754, a high-severity authorization bypass in Spring Security affecting versions 7.0.0 through 7.0.4. The affected condition is specific: the flaw is triggered when an application uses the `servlet-path` attribute on an intercept rule, for example `<sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/>`, to define the servlet path from which the path matcher is computed. In that configuration the servlet path is not correctly included in the matcher, and the authorization rule can be bypassed. Applications that do not set `servlet-path` on their `<sec:intercept-url>` rules are outside the condition the advisory describes.
The practical effect is that a rule intended to protect a specific set of endpoints does not reliably cover them, so an attacker may reach restricted resources or functionality without the authentication or authorization the rule was meant to require; how far this extends depends on the rest of the application's configuration, in particular which fallback rule a request reaches when the intended one does not match. The National Vulnerability Database assigns a CVSS score of 7.5 (HIGH).
Defenders should audit their Spring Security configurations, particularly any `<sec:intercept-url>` rules that rely on `servlet-path`, and confirm which Spring Security version each application ships. For an attacker the path is simple: find an endpoint that a servlet-path-scoped rule was meant to guard and request it directly. Development and security teams should prioritize patching and configuration review to close that gap.
What This Means For You
- If your organization runs Spring Security 7.0.0 through 7.0.4 and any `<sec:intercept-url>` rule sets the `servlet-path` attribute, treat the affected endpoints as exposed. Inventory every `<sec:intercept-url>` configuration, record which rules depend on `servlet-path` and what they are meant to protect, and verify that those endpoints are not reachable without the required authorization. Prioritize upgrading to a fixed version as soon as one is available.
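The audit this section calls for, as an added example (not code from the page, from NVD, or from the Spring project): a Python script that scans a Spring Security XML configuration for `<intercept-url>` rules carrying a `servlet-path` attribute and checks a version string against the affected range 7.0.0 through 7.0.4. The sample configuration is constructed for illustration. The element name and the `servlet-path`, `pattern` and `access` attributes are those of the Spring Security XML namespace used in the snippet above; the `intended_path` value, formed by joining servlet path and pattern, is this example's reading of what such a rule is meant to guard and is not defined by the advisory.

```python
"""Triage helper for CVE-2026-22754 (Spring Security 7.0.0 through 7.0.4).

Added example, not code from the Spring project: it scans a Spring Security
XML configuration for <intercept-url> rules that depend on the servlet-path
attribute (the affected configuration) and checks a version string against
the affected range named in the advisory.
"""
import xml.etree.ElementTree as ET

AFFECTED_MIN = (7, 0, 0)
AFFECTED_MAX = (7, 0, 4)  # inclusive, per the advisory text


def parse_version(version: str) -> tuple:
    """'7.0.3' or '7.0.3-SNAPSHOT' -> (7, 0, 3); non-numeric parts count as 0."""
    core = version.split("-")[0]
    nums = [int(p) if p.isdigit() else 0 for p in core.split(".")[:3]]
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def is_affected_version(version: str) -> bool:
    """True when the version falls inside 7.0.0 .. 7.0.4."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def find_servlet_path_rules(xml_text: str) -> list:
    """Return every <intercept-url> element that sets servlet-path.

    'intended_path' is this example's reading of what the rule was meant to
    guard (servlet path joined with pattern); the advisory does not define it.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        local_tag = elem.tag.split("}")[-1]  # drop the namespace prefix
        if local_tag != "intercept-url":
            continue
        servlet_path = elem.get("servlet-path")
        if servlet_path is None:
            continue  # no servlet-path: outside the advisory's affected condition
        pattern = elem.get("pattern", "")
        findings.append({
            "servlet_path": servlet_path,
            "pattern": pattern,
            "access": elem.get("access"),
            "intended_path": servlet_path.rstrip("/") + "/" + pattern.lstrip("/"),
        })
    return findings


def audit(version: str, xml_text: str) -> dict:
    """Combine the version check and the config scan into one verdict."""
    rules = find_servlet_path_rules(xml_text)
    affected = is_affected_version(version)
    return {
        "version_affected": affected,
        "servlet_path_rules": rules,
        "exposed": affected and len(rules) > 0,
    }


# Constructed sample configuration for illustration (not from any real application).
SAMPLE_CONFIG = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security">
  <sec:http>
    <!-- affected shape: the rule's scope depends on servlet-path -->
    <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"
                       access="hasRole('ADMIN')"/>
    <!-- no servlet-path attribute: outside the advisory's affected condition -->
    <sec:intercept-url pattern="/login" access="permitAll"/>
    <sec:intercept-url pattern="/**" access="authenticated"/>
  </sec:http>
</beans>
"""

if __name__ == "__main__":
    report = audit("7.0.3", SAMPLE_CONFIG)
    print("version affected:", report["version_affected"])
    for rule in report["servlet_path_rules"]:
        print(f"  servlet-path={rule['servlet_path']} pattern={rule['pattern']} "
              f"access={rule['access']} -> intended {rule['intended_path']}")
    print("exposed:", report["exposed"])
```

Run it against each application's security XML and the Spring Security version from its build; a hit on both counts means the endpoints listed under `intended_path` deserve a direct access test before the upgrade lands. The script is a triage aid, not a substitute for the vendor advisory: it reports which rules are in the affected shape, not whether a given request actually bypasses them.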
CVE-2026-22754 - Spring Security Authorization Bypass via Incorrect Servlet Path Matching
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-22754 | Auth Bypass | Spring Security versions 7.0.0 through 7.0.4 |
| CVE-2026-22754 | Auth Bypass | `<sec:intercept-url>` rules that set `servlet-path` (e.g. `servlet-path="/servlet-path" pattern="/endpoint/**"`) |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 22, 2026 at 09:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.