CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-22747

Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. This issue affects Spring Security: from 7.0.0 through 7.0.4.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.0%

CVSS Severity

CVSS v3 Score 6.8

References

https://spring.io/security/cve-2026-22747

Products affected by CVE-2026-22747

Vmware » Spring Security » Version: 7.0.0

cpe:2.3:a:vmware:spring_security:7.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-22747

Products

Pricing

Contact Us