CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Description (NVD)
Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the application. This can lead to the authentication, authorization, and other security controls being rendered inactive on intended requests. This issue affects Spring Security: from 7.0.0 through 7.0.4.
Analysis (AI)
Path matching bypass in Spring Security 7.0.0-7.0.4 allows unauthenticated remote attackers to evade authentication, authorization, and other security controls when applications use securityMatchers(String) with a PathPatternRequestMatcher.Builder bean to prepend servlet paths. Improper matcher configuration causes filter chains to silently fail, leaving protected endpoints exposed without intended security controls. …
Remediation (AI)
Within 24 hours: Identify all applications using Spring Security 7.0.0-7.0.4 with securityMatchers(String) and PathPatternRequestMatcher.Builder configurations through dependency scanning and code review. Within 7 days: Monitor CVE advisories and Spring Security release channels for patch availability; implement temporary access controls via WAF rules or network segmentation to restrict unauthorized endpoint access if applications cannot be modified. …
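A triage helper for the identification step above, added here as an example (it is not code from Spring or from this advisory). It flags an application for manual review only when the Spring Security version is in the affected range and both ingredients named in the description appear in the source; the regular expressions, function names and sample Java snippets are assumptions constructed for illustration.

```python
import re

# Affected range as stated on this page: 7.0.0 through 7.0.4.
AFFECTED_LOW, AFFECTED_HIGH = (7, 0, 0), (7, 0, 4)

# Heuristic source patterns (assumptions, not an official detection rule).
# Accepts securityMatchers( and the singular securityMatcher( spelling.
MATCHER_CALL = re.compile(r"\.securityMatchers?\s*\(")
BUILDER_BEAN = re.compile(r"@Bean\b[^;{]*?PathPatternRequestMatcher\.Builder\b")

def version_affected(version):
    """True if the x.y.z prefix lies in the affected range (pre-releases of
    an in-range version are flagged too, as the conservative choice)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        return False
    return AFFECTED_LOW <= tuple(map(int, m.groups())) <= AFFECTED_HIGH

def triage(version, sources):
    """sources maps file name -> Java source text. Flags an application for
    manual review only when the version and both code patterns are present."""
    matcher = sorted(f for f, s in sources.items() if MATCHER_CALL.search(s))
    builder = sorted(f for f, s in sources.items() if BUILDER_BEAN.search(s))
    in_range = version_affected(version)
    return {"version_in_range": in_range, "matcher_files": matcher,
            "builder_files": builder,
            "needs_review": in_range and bool(matcher) and bool(builder)}

# Constructed sample input (not taken from any real project); the matcher
# call uses the spelling given in the description.
SAMPLE_SOURCES = {
    "SecurityConfig.java": '''
        @Bean
        SecurityFilterChain api(HttpSecurity http) throws Exception {
            http.securityMatchers("/api/**");
            return http.build();
        }''',
    "MatcherConfig.java": '''
        @Bean
        PathPatternRequestMatcher.Builder servletPathBuilder() {
            return PathPatternRequestMatcher.withDefaults().basePath("/mvc");
        }''',
}

if __name__ == "__main__":
    for v in ("7.0.2", "7.0.5"):
        print(v, triage(v, SAMPLE_SOURCES))
```

A hit means the configuration deserves a code review, not that the filter chain is confirmed to be skipped; a miss on the source patterns does not clear an application whose matcher bean is declared in a form the heuristics do not cover.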
EUVD-2026-24611
GHSA-4wrg-8wpc-h923