Vmware: >> Spring Boot >> 3.5.9 Security Vulnerabilities
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from 3.5.0 through 3.5.11, from 3.4.0 through 3.4.14, from 3.3.0 through 3.3.17, from 2.7.0 through 2.7.31.
CVSS Score
8.2
EPSS Score
0.004
Published
2026-03-20
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path.
This issue affects Spring Boot: from 4.0 before 4.0.3, from 3.5 before 3.5.11, from 3.4 before 3.4.15.
This CVE is similar but not equivalent to CVE-2026-22733, as the conditions for exploit and vulnerable versions are different.
CVSS Score
8.2
EPSS Score
0.003
Published
2026-03-19
An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL.
CVSS Score
9.8
EPSS Score
0.01
Published
2023-10-25