CVE Catalog

CVE-2026-40988

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.33%

25th percentile - higher than 25% of all known CVEs

Summary

An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory.

Risk Assessment

An attacker can send a specially crafted compressed SAML request that, upon decompression, consumes excessive memory, leading to resource exhaustion and denial of service.

Recommendation

It is recommended to immediately upgrade Spring Security to versions 5.7.24, 5.8.26, 6.3.17, 6.4.17, 6.5.11, or 7.0.6, which include a fix limiting the decompressed payload size.

Original NVD description (English source)

An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS