CVE-2026-22747
MediumCVSS 6.8Exploitation Probability (EPSS)
Low risk21th percentile - higher than 21% of all known CVEs
Summary
A vulnerability in Spring Security's SubjectX500PrincipalExtractor incorrectly handles malformed CN values in X.509 certificates, potentially reading the wrong username. A crafted certificate could allow an attacker to impersonate another user.
Risk Assessment
The risk is that an attacker can impersonate another user, leading to unauthorized access to system resources and potential data integrity breaches.
Recommendation
Immediately update Spring Security to version 7.0.5 or later, which includes a fix for this vulnerability. Also review X.509 certificate-based authentication configurations.
Original NVD description (English source)
Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. This issue affects Spring Security: from 7.0.0 through 7.0.4.

