CVE-2026-47838

Source
https://cve.org/CVERecord?id=CVE-2026-47838
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47838.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-47838
Aliases
Downstream
Related
Published
2026-06-09T23:50:07.988Z
Modified
2026-07-08T08:13:38.060425Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
Unauthorized User Impersonation when Using X.509 Client Certificates
Details

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user.

Affected versions: Spring Security 5.7.0 through 5.7.24; 5.8.0 through 5.8.26; 6.3.0 through 6.3.17; 6.4.0 through 6.4.17; 6.5.0 through 6.5.10.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "5.7.0"
                },
                {
                    "fixed": "5.7.25"
                },
                {
                    "introduced": "5.8.0"
                },
                {
                    "fixed": "5.8.27"
                },
                {
                    "introduced": "6.3.0"
                },
                {
                    "fixed": "6.3.18"
                },
                {
                    "introduced": "6.4.0"
                },
                {
                    "fixed": "6.4.18"
                },
                {
                    "introduced": "6.5.0"
                },
                {
                    "fixed": "6.5.10.2"
                }
            ]
        },
        {
            "source": "DESCRIPTION",
            "extracted_events": [
                {
                    "introduced": "5.7.0"
                },
                {
                    "fixed": "5.7.24"
                },
                {
                    "introduced": "5.8.0"
                },
                {
                    "fixed": "5.8.26"
                },
                {
                    "introduced": "6.3.0"
                },
                {
                    "fixed": "6.3.17"
                },
                {
                    "introduced": "6.4.0"
                },
                {
                    "fixed": "6.4.17"
                },
                {
                    "introduced": "6.5.0"
                },
                {
                    "fixed": "6.5.10"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/47xxx/CVE-2026-47838.json",
    "cna_assigner": "vmware",
    "cwe_ids": [
        "CWE-287"
    ]
}
References

Affected packages

Git / github.com/spring-projects/spring-security

Affected ranges

Type
GIT
Repo
https://github.com/spring-projects/spring-security
Events
Database specific
{
    "source": "CPE_RANGE",
    "cpe": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "6.5.0"
        },
        {
            "fixed": "6.5.11"
        }
    ]
}

Affected versions

6.*
6.5.0
6.5.1
6.5.10
6.5.3
6.5.4
6.5.5
6.5.6
6.5.7
6.5.8
6.5.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-47838.json"