CVE-2026-40993
HighCVSS 7.3Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
A vulnerability in Spring Security allows an attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials (verification_credentials and encryption_credentials, respectively).
Risk Assessment
The risk involves potential remote code execution or privilege escalation through deserialization of malicious data, which could lead to application compromise or data breach.
Recommendation
Immediately update Spring Security to version 7.0.6 or later, which includes a fix for the vulnerability. Additionally, restrict write permissions to the saml2_asserting_party_metadata table to trusted entities only.
Original NVD description (English source)
An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials (verification_credentials and encryption_credentials, respectively). Affected versions: Spring Security 7.0.0 through 7.0.5.

