CVE-2026-22732 - Vulnerability Analysis
Critical
CVSS: 9.1
Last Updated: March 19, 2026
Spring Security - Misconfiguration
Published: March 19, 2026
Updated: March 19, 2026
Remote Exploitable
Overview
Spring Security versions 5.7.0 to 5.7.21, 5.8.0 to 5.8.23, 6.3.0 to 6.3.14, 6.4.0 to 6.4.14, and 6.5.0 to 7.0.3 contain an insecure configuration: in servlet applications, HTTP response headers can fail to be written, which potentially lets attackers bypass security controls. Exploitation requires a specific application configuration.
Severity & Score
Severity: Critical
CVSS Score: 9.1
Impact
Attackers can bypass security controls due to missing HTTP headers, potentially leading to information disclosure or other attacks.
Mitigation
Update to a version later than 7.0.3 or the latest available version.
Details
- CVE ID: CVE-2026-22732
- Severity: Critical
- CVSS Score: 9.1
- Type: misconfiguration
- Status: new
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N