CVE Catalog

CVE-2026-40996

MediumCVSS 4.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS#1 v1.5 encrypted key material unless operators explicitly reconfigured the flag.

Risk Assessment

Organizations may be exposed to attacks leveraging weaker encryption algorithms, potentially leading to unauthorized access to sensitive data.

Recommendation

It is recommended that system administrators reconfigure the allowRSA15KeyTransportAlgorithm flag to false to restore safer validation settings.

Original NVD description (English source)

Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS#1 v1.5 (rsa-1_5) encrypted key material unless operators explicitly reconfigured the flag. Affected versions: Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS