Sign In

CVE-2026-22732

ADVISORY - github

Summary

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written.  This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3.

EPSS Score: 0.00031 (0.086)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-425

Direct Request ('Forced Browsing')

ADVISORY - github

CWE-425

Direct Request ('Forced Browsing')

ADVISORY - redhat

CWE-166

Improper Handling of Missing Special Element

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in