Bug 2460489 (CVE-2026-22754) - CVE-2026-22754 Spring Security: Spring Security: Authorization bypass due to incorrect servlet path matching
Summary: CVE-2026-22754 Spring Security: Spring Security: Authorization bypass due to ...
Keywords:
Status: NEW
Alias: CVE-2026-22754
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-04-22 06:01 UTC by OSIDB Bzimport
Modified: 2026-04-27 12:40 UTC (History)
72 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description OSIDB Bzimport 2026-04-22 06:01:35 UTC 
Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass.This issue affects Spring Security: from 7.0.0 through 7.0.4.
Note You need to log in before you can comment on or make changes to this bug.