CVE-2026-40996
MediumCVSS 4.8Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS#1 v1.5 encrypted key material unless operators explicitly reconfigured the flag.
Risk Assessment
Organizations may be exposed to attacks leveraging weaker encryption algorithms, potentially leading to unauthorized access to sensitive data.
Recommendation
It is recommended that system administrators reconfigure the allowRSA15KeyTransportAlgorithm flag to false to restore safer validation settings.
Original NVD description (English source)
Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS#1 v1.5 (rsa-1_5) encrypted key material unless operators explicitly reconfigured the flag. Affected versions: Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.

