CVE-2026-22732

ADVISORY - github

Summary

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3.

EPSS Score⁠: 0.00031 (0.086)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-425⁠

Direct Request ('Forced Browsing')

ADVISORY - github

CWE-425⁠

Direct Request ('Forced Browsing')

ADVISORY - redhat

CWE-166⁠

Improper Handling of Missing Special Element

Impacted images

Advisories

NIST

CREATED

2 days ago

UPDATED

22 hours ago

ADVISORY IDCVE-2026-22732⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

9.1critical

GitHub

CREATED

2 days ago

UPDATED

17 hours ago

ADVISORY IDGHSA-mf92-479x-3373⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

9.1critical

Red Hat

CREATED

2 days ago

UPDATED

13 hours ago

ADVISORY IDCVE-2026-22732⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.5medium