Skip to main content

Spring Web Services CVE-2026-40996

| EUVDEUVD-2026-36206 MEDIUM
Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
2026-06-11 vmware GHSA-p7qj-2q5w-f9r7
4.8
CVSS 3.1 · Vendor: vmware
Share

Severity by source

Vendor (vmware) PRIMARY
4.8 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
vuln.today AI
4.8 MEDIUM

Network-exposed SOAP endpoint (AV:N); Bleichenbacher oracle attack requires high complexity (AC:H); no authentication required to submit WS-Security messages (PR:N); partial confidentiality and integrity impact from session key recovery; no availability impact.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (vmware).

CVSS VectorVendor: vmware

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Patch available
Jun 11, 2026 - 08:01 EUVD
Analysis Generated
Jun 11, 2026 - 07:00 vuln.today
CVE Published
Jun 11, 2026 - 05:04 cve.org
MEDIUM 4.8

DescriptionCVE.org

Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS#1 v1.5 (rsa-1_5) encrypted key material unless operators explicitly reconfigured the flag.

Affected versions: Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.

AnalysisAI

Spring Web Services' Wss4jSecurityInterceptor silently defaults allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's own safer default and permitting inbound WS-Security decryption to accept the weak RSA PKCS#1 v1.5 (rsa-1_5) key transport algorithm. This misconfiguration-by-default affects all four supported release trains (3.1.x, 4.0.x, 4.1.x, 5.0.x) and opens deployed SOAP services to Bleichenbacher-style adaptive chosen-ciphertext attacks against server-side RSA key material unless operators explicitly override the flag. No public exploit has been identified at time of analysis, and the CVSS-assigned high attack complexity (AC:H) reflects the significant number of oracle queries required to mount a practical attack.

Technical ContextAI

Spring Web Services (Spring-WS) is a Java-based, contract-first SOAP framework that delegates WS-Security operations - signing, encryption, decryption - to the Apache WSS4J library via the Wss4jSecurityInterceptor class. WSS4J introduced a deliberate safer default that rejects RSA PKCS#1 v1.5 key transport (XML Encryption algorithm URI http://www.w3.org/2001/04/xmlenc#rsa-1_5) in favor of RSA-OAEP, because rsa-1_5 is known to be susceptible to Bleichenbacher's 1998 padding oracle attack and its modern variants (ROBOT). The defect, classified as CWE-327 (Use of a Broken or Risky Cryptographic Algorithm), is that Wss4jSecurityInterceptor sets allowRSA15KeyTransportAlgorithm=true during construction of the inbound validation RequestData, overriding the library's safe default before WSS4J processes the message. The affected CPE is cpe:2.3:a:spring:spring_web_services across all versions in the listed ranges.

RemediationAI

The primary fix is to upgrade to a patched Spring Web Services release as directed by the vendor advisory at https://spring.io/security/cve-2026-40996 - exact fixed version numbers were not present in the provided input data and must be confirmed there before deploying. As an immediate compensating control, operators should explicitly set allowRSA15KeyTransportAlgorithm=false on every Wss4jSecurityInterceptor bean in their application context; this one-line configuration change restores the Apache WSS4J safer default and causes the interceptor to reject any inbound WS-Security message that presents rsa-1_5 key transport, eliminating the vulnerable code path without requiring an upgrade. The trade-off is that clients still using rsa-1_5 encryption will receive decryption failures and must be migrated to RSA-OAEP before the workaround is applied. Rate-limiting or WAF rules on the SOAP endpoint can raise the cost of any attempted Bleichenbacher oracle attack as a defense-in-depth measure but do not remediate the root cause.

More in Java

View all
CVE-2012-4681 CRITICAL POC
9.8 Aug 28

Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName m

CVE-2015-7450 CRITICAL POC
9.8 Jan 02

Remote code execution in IBM Sterling B2B Integrator, Sterling Integrator, and Tivoli Common Reporting allows unauthenti

CVE-2013-2465 CRITICAL POC
9.8 Jun 18

Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthent

CVE-2011-3544 CRITICAL POC
9.8 Oct 19

Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise throug

CVE-2010-1871 HIGH POC
8.8 Aug 05

JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to

CVE-2012-1723 CRITICAL POC
9.8 Jun 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 up

CVE-2013-0422 CRITICAL POC
9.8 Jan 10

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using

CVE-2012-0507 CRITICAL POC
9.8 Jun 07

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Up

CVE-2015-4852 CRITICAL POC
9.8 Nov 18

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers

CVE-2012-5076 CRITICAL POC
9.8 Oct 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow

CVE-2017-3066 CRITICAL POC
9.8 Apr 27

Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization fla

CVE-2012-0391 CRITICAL POC
9.8 Jan 08

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during

Share

CVE-2026-40996 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy