Bug 2460486 (CVE-2026-22753)

Summary: CVE-2026-22753 Spring Security: Security bypass due to incorrect servlet path matching
Product: [Other] Security Response
Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability
Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: abrianik, ant, aschwart, asoldano, aszczucz, avibelli, bbaranow, bbrownin, bgeorges, bmaxwell, boliveir, bstansbe, cescoffi, dandread, dhanak, dkreling, dlofthou, drichtar, drosa, fdeutsch, fmariani, ggrzybek, gmalinko, gsmet, ibek, istudens, ivassile, iweiss, janstey, jmartisk, jraez, jrokos, kaycoth, lthon, manderse, mnovotny, mosmerov, mposolda, msvehla, nwallace, olubyans, oramraz, parichar, pberan, pdelbell, pesilva, pgallagh, pjindal, pmackay, probinso, rguimara, rmartinc, rruss, rstancel, rstepani, rsvoboda, sausingh, sbiarozk, sdawley, smaestri, smullick, ssilvert, sthorger, stirabos, tasato, tcunning, thason, thjenkin, tqvarnst, vdosoudi, vmuzikar, yfang
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: ---
Doc Text:
A flaw was found in Spring Security. When an application uses specific configurations involving `securityMatchers(String)` and `PathPatternRequestMatcher.Builder` to handle servlet paths, the intended security controls may not be applied. This can result in a security bypass, where authentication and authorization mechanisms are rendered inactive, potentially allowing an attacker to gain unauthorized access or perform actions without proper validation.
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description OSIDB Bzimport 2026-04-22 06:01:25 UTC
Vulnerability in Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the application. This can lead to the authentication, authorization, and other security controls being rendered inactive on intended requests. This issue affects Spring Security: from 7.0.0 through 7.0.4.
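The following is an added example, not code from this bug report or from the Spring Security project. It reproduces the configuration shape the description names (a PathPatternRequestMatcher.Builder bean that prepends a servlet path, plus a filter chain scoped with the String overload of securityMatcher) and adds the check a practitioner would want: a test that asserts the scoped chain actually matches a request under the servlet path. Assumptions: Spring Security 7.x with spring-test and JUnit 5 on the classpath, a DispatcherServlet mapped to /mvc/*, and the illustrative paths /mvc and /admin/**. The description spells the method securityMatchers(String); the String overload in HttpSecurity's public API that this example calls is securityMatcher(String...).

```java
// Added example; not part of the bug report or of Spring Security itself.
// Assumes Spring Security 7.x, spring-test, JUnit 5, and a DispatcherServlet
// mapped to /mvc/*. The paths /mvc and /admin/** are illustrative.
import jakarta.servlet.http.HttpServletRequest;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
import org.springframework.test.context.junit.jupiter.web.SpringJUnitWebConfig;

import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertTrue;

@Configuration
@EnableWebSecurity
class ServletPathSecurityConfig {

    // The Builder bean the advisory refers to: it prepends the servlet path so that
    // pattern strings elsewhere in the configuration are written relative to /mvc.
    @Bean
    PathPatternRequestMatcher.Builder requestMatcherBuilder() {
        return PathPatternRequestMatcher.withDefaults().basePath("/mvc");
    }

    // The affected shape: a chain scoped with the String overload while the
    // Builder bean above is in play. Per the advisory, on 7.0.0 through 7.0.4
    // requests meant for this chain may fail to match it, so none of its
    // filters (and therefore none of its authorization rules) run.
    @Bean
    @Order(1)
    SecurityFilterChain adminChain(HttpSecurity http) throws Exception {
        http
            .securityMatcher("/admin/**")
            .authorizeHttpRequests(auth -> auth.anyRequest().hasRole("ADMIN"));
        return http.build();
    }

    // Catch-all chain for everything else under the servlet.
    @Bean
    @Order(2)
    SecurityFilterChain defaultChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(auth -> auth.anyRequest().authenticated());
        return http.build();
    }
}

// The check: does the scoped chain claim the request it was written for?
// If the first assertion fails, the admin rules are not being applied to
// /mvc/admin/** and the application is exposed in the way the advisory describes.
@SpringJUnitWebConfig(ServletPathSecurityConfig.class)
class ServletPathMatchingTest {

    @Autowired
    @Qualifier("adminChain")
    SecurityFilterChain adminChain;

    // Constructed request: servlet mapped to /mvc/*, so the servlet path is /mvc
    // and the admin endpoint is reached at /mvc/admin/users.
    private static HttpServletRequest request(String uri, String pathInfo) {
        MockHttpServletRequest req = new MockHttpServletRequest("GET", uri);
        req.setServletPath("/mvc");
        req.setPathInfo(pathInfo);
        return req;
    }

    @Test
    void adminChainClaimsRequestsUnderTheServletPath() {
        assertTrue(adminChain.matches(request("/mvc/admin/users", "/admin/users")),
                "admin chain must match /mvc/admin/users; a miss means its rules never run");
    }

    @Test
    void adminChainIgnoresOtherPaths() {
        assertFalse(adminChain.matches(request("/mvc/public/index", "/public/index")));
    }
}
```

Run the test against the exact Spring Security version the application ships; a failure of the first assertion is the observable symptom of this issue, and the remedy is to move off the affected 7.0.0 through 7.0.4 range. Passing the matcher built from the injected Builder (securityMatcher(requestMatcherBuilder.matcher("/admin/**")) instead of the String form) avoids the overload the description names, but this page does not state that doing so sidesteps the defect, so treat the assertion, not the refactor, as the authority.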