VDB
CLEANSTART-2026-GN46454
CLEANSTART-2026-GN46454
PUBLISHED
CVSS 9.800000190734863 CRITICAL
When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written
Risk Scores
CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| CleanStart | apache-nifi | 0 |
Timeline
- Apr 30, 2026 CVE Published
- Apr 30, 2026 CVE Updated
References
- https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-GN46454.json advisory
- https://osv.dev/vulnerability/CVE-2026-1605 url
- https://osv.dev/vulnerability/CVE-2026-22732 url
- https://osv.dev/vulnerability/CVE-2026-24281 url
- https://osv.dev/vulnerability/CVE-2026-33870 url
- https://osv.dev/vulnerability/CVE-2026-33871 url
- https://osv.dev/vulnerability/ghsa-2m67-wjpj-xhg9 url
- https://osv.dev/vulnerability/ghsa-3677-xxcr-wjqv url
- https://osv.dev/vulnerability/ghsa-6v53-7c9g-w56r url
- https://osv.dev/vulnerability/ghsa-72hv-8253-57qq url
- https://osv.dev/vulnerability/ghsa-qqpg-mvqg-649v url
- https://osv.dev/vulnerability/ghsa-x2wq-9x2f-fhj7 url
- https://osv.dev/vulnerability/ghsa-x44p-gvrj-pj2r url
- https://nvd.nist.gov/vuln/detail/CVE-2026-1605 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-22732 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-24281 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-33870 url
- https://nvd.nist.gov/vuln/detail/CVE-2026-33871 url