CVE Catalog

CVE-2026-41003

HighCVSS 7.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile - higher than 10% of all known CVEs

Summary

An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters.

Risk Assessment

The risk involves the possibility of executing unauthorized code in the victim's browser, which may lead to data theft, session hijacking, or other XSS attacks.

Recommendation

Immediately update Spring Security to version 5.7.24, 5.8.26, 6.3.17, 6.4.17, 6.5.11, or 7.0.6, depending on the branch in use.

Original NVD description (English source)

An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS