CLEANSTART-2026-KB76878

See a problem?
Import Source
https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-KB76878.json
JSON Data
https://api.osv.dev/v1/vulns/CLEANSTART-2026-KB76878
Upstream
  • CVE-2026-22732
  • ghsa-3677-xxcr-wjqv
  • ghsa-72hv-8253-57qq
  • ghsa-cj8j-37rh-8475
  • ghsa-qqpg-mvqg-649v
  • ghsa-wg6q-6289-32hp
  • ghsa-x44p-gvrj-pj2r
Published
2026-04-22T00:39:59.241183Z
Modified
2026-04-23T05:02:45.546573Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written
Details

Multiple security vulnerabilities affect the apache-nifi package. When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. See references for individual vulnerability details.

References

Affected packages

CleanStart / apache-nifi

Package

Name
apache-nifi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.9.0-r0

Database specific

source 
"https://github.com/cleanstart-dev/cleanstart-security-advisories/blob/main/advisories/2026/CLEANSTART-2026-KB76878.json"