to define the servlet path for computing a path matcher, the…"/>  to define the servlet path for computing a path matcher, the…"/>  to define the servlet path for computing a path matcher, the…"/>
VDB

CVE-2026-22754

CVE-2026-22754 PUBLISHED CVSS 7.5 HIGH

Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass.This issue affects Spring Security: from 7.0.0 through 7.0.4.

EPSS 0.05% · 17.5th percentile

Risk Scores

CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
0.05%
17.5th percentile

Affected Products

VendorProductVersions
SpringSpring Security7.0.0

Timeline

  • Apr 22, 2026 CVE Published
  • Apr 22, 2026 CVE Updated
  • Apr 22, 2026 Security Advisory
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›