Skip to main content

Spring Authorization Server

2 CVEs product

Monthly

CVE-2026-22752 CRITICAL Act Now

Authentication bypass in VMware/Spring's Spring Authorization Server (versions 7.0.0-7.0.4, 1.5.0-1.5.6, 1.4.0-1.4.9, and 1.3.0-1.3.10) allows a low-privileged authenticated actor to circumvent authentication controls and access protected resources across a security boundary. The CVSS 9.6 (Critical) rating reflects a scope change with high confidentiality and integrity impact but no availability effect. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the near-maximum score in a widely deployed OAuth2/OIDC authorization component makes this a high-priority patch.

Authentication Bypass Java Spring Authorization Server
NVD VulDB
CVSS 3.1
9.6
EPSS
0.5%
CVE-2026-41008 MEDIUM PATCH This Month

Spring Authorization Server's authorization endpoint fails to adequately validate the OAuth2/OIDC `request_uri` parameter, enabling unauthenticated remote attackers to craft authorization requests that bypass redirect URI validation entirely. Affected deployments running Spring Authorization Server 1.5.0-1.5.7 or Spring Security 7.0.0-7.0.5 can be exploited to redirect authenticated users to attacker-controlled destinations, a particularly elevated risk given that victims inherently trust the authorization server's domain during OAuth login flows. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Open Redirect Java Spring Authorization Server Spring Security
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
EPSS 0% CVSS 9.6
CRITICAL Act Now

Authentication bypass in VMware/Spring's Spring Authorization Server (versions 7.0.0-7.0.4, 1.5.0-1.5.6, 1.4.0-1.4.9, and 1.3.0-1.3.10) allows a low-privileged authenticated actor to circumvent authentication controls and access protected resources across a security boundary. The CVSS 9.6 (Critical) rating reflects a scope change with high confidentiality and integrity impact but no availability effect. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the near-maximum score in a widely deployed OAuth2/OIDC authorization component makes this a high-priority patch.

Authentication Bypass Java Spring Authorization Server
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Spring Authorization Server's authorization endpoint fails to adequately validate the OAuth2/OIDC `request_uri` parameter, enabling unauthenticated remote attackers to craft authorization requests that bypass redirect URI validation entirely. Affected deployments running Spring Authorization Server 1.5.0-1.5.7 or Spring Security 7.0.0-7.0.5 can be exploited to redirect authenticated users to attacker-controlled destinations, a particularly elevated risk given that victims inherently trust the authorization server's domain during OAuth login flows. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Open Redirect Java Spring Authorization Server +1
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy