GHSA-2jrg-rf5x-568g

Source
https://github.com/advisories/GHSA-2jrg-rf5x-568g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-2jrg-rf5x-568g/GHSA-2jrg-rf5x-568g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2jrg-rf5x-568g
Aliases
  • CVE-2026-22747
Published
2026-04-22T06:30:28Z
Modified
2026-05-05T15:59:51.434087Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates
Details

Vulnerability in Spring Security. SubjectX500PrincipalExtractor, the default X.509 principal extractor in spring-security-web, does not correctly handle certain malformed X.509 certificate CN values and can therefore read the wrong value as the username. With a carefully crafted client certificate, an attacker who can obtain a certificate the server trusts can be authenticated as a different user. This issue affects Spring Security from 7.0.0 through 7.0.4; it is fixed in 7.0.5.
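
The advisory does not say which malformed CN shape triggers the bug, so the following is not a reproduction of CVE-2026-22747. It is an added, plain-JDK example (not code from this page or from the Spring Security project) of the general hazard behind this bug class: pulling the CN out of the string form of a subject DN with a regular expression, versus parsing the DN into its RDNs. The `NAIVE_CN` regex is a simplified stand-in for that style of extractor, not the real spring-security-web implementation, and the three subject DNs are constructed for the demo.

```java
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;

/**
 * Contrast two ways of pulling the CN out of an X.509 subject.
 * Plain JDK only. The regex is an illustrative stand-in, not the
 * spring-security-web implementation, and the DNs are constructed.
 */
public class CnExtractionDemo {

    // Naive approach: a regex over the RFC 2253 string form of the subject.
    // It takes the first "CN=" it sees, wherever that text happens to sit.
    private static final Pattern NAIVE_CN =
            Pattern.compile("CN=(.*?)(?:,|$)", Pattern.CASE_INSENSITIVE);

    static String naiveCn(X500Principal subject) {
        Matcher m = NAIVE_CN.matcher(subject.getName(X500Principal.RFC2253));
        return m.find() ? m.group(1) : null;
    }

    // Structured approach: parse the DN into RDNs (RFC 2253 escaping honoured),
    // and accept exactly one single-valued CN. Anything else is rejected, not guessed.
    static String parsedCn(X500Principal subject) throws InvalidNameException {
        LdapName dn = new LdapName(subject.getName(X500Principal.RFC2253));
        String cn = null;
        for (Rdn rdn : dn.getRdns()) {
            if (!"CN".equalsIgnoreCase(rdn.getType())) {
                continue;
            }
            if (rdn.size() != 1) {
                throw new InvalidNameException("multi-valued CN RDN in subject: " + dn);
            }
            if (cn != null) {
                throw new InvalidNameException("subject carries more than one CN: " + dn);
            }
            cn = String.valueOf(rdn.getValue());
        }
        if (cn == null) {
            throw new InvalidNameException("subject carries no CN: " + dn);
        }
        return cn;
    }

    public static void main(String[] args) {
        // Constructed subjects. In the second one the OU value is the literal
        // string "x,CN=admin"; its comma is escaped as "\," in the RFC 2253 form,
        // so the DN is well-formed but the regex is led to the wrong "CN=".
        List<X500Principal> subjects = List.of(
                new X500Principal("CN=bob,OU=staff,O=Example"),
                new X500Principal("OU=x\\,CN=admin,CN=bob,O=Example"),
                new X500Principal("OU=staff,O=Example"));   // no CN at all

        for (X500Principal subject : subjects) {
            System.out.println("subject: " + subject.getName(X500Principal.RFC2253));
            System.out.println("  regex : " + naiveCn(subject));
            try {
                System.out.println("  parsed: " + parsedCn(subject));
            } catch (InvalidNameException e) {
                System.out.println("  parsed: rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

For the second subject the regex yields `admin` while the RDN parser yields `bob`; for the third the regex yields `null` and the parser rejects the certificate outright. The fix for the advisory itself is upgrading spring-security-web to 7.0.5. Where that cannot happen immediately, logic like `parsedCn(cert.getSubjectX500Principal())` can be wrapped in a custom `X509PrincipalExtractor` and registered through `x509PrincipalExtractor(...)` on the `x509()` DSL as a stopgap; that is the author's suggestion here, not the project's patch, and the upgrade should still follow.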

Database specific
{
    "nvd_published_at": "2026-04-22T06:16:03Z",
    "cwe_ids": [
        "CWE-297"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-29T20:44:36Z",
    "severity": "MODERATE"
}

Affected packages

Maven / org.springframework.security:spring-security-web

Package

Name
org.springframework.security:spring-security-web
Purl
pkg:maven/org.springframework.security/spring-security-web

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.0.0
Fixed
7.0.5

Affected versions

7.0.0
7.0.1
7.0.2
7.0.3
7.0.4

Database specific

last_known_affected_version_range
"<= 7.0.4"
source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-2jrg-rf5x-568g/GHSA-2jrg-rf5x-568g.json"