CVE-2026-41003
HighCVSS 7.6Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters.
Risk Assessment
The risk involves the possibility of executing unauthorized code in the victim's browser, which may lead to data theft, session hijacking, or other XSS attacks.
Recommendation
Immediately update Spring Security to version 5.7.24, 5.8.26, 6.3.17, 6.4.17, 6.5.11, or 7.0.6, depending on the branch in use.
Original NVD description (English source)
An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.

