CVE-2026-41000
LowCVSS 3.7Exploitation Probability (EPSS)
Low risk13th percentile — higher than 13% of all known CVEs
Summary
Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. This may lead to ineffective protections against replay of UsernameToken nonces and Timestamp elements.
Risk Assessment
The organization may be vulnerable to replay attacks, potentially leading to unauthorized access to systems.
Recommendation
It is recommended to upgrade to the latest version of Spring Web Services to ensure effective protection against replay attacks.
Original NVD description (English source)
Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be ineffective even when operators configured a replay cache on the interceptor. Affected versions: Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.

