CVE-2026-22746

ADVISORY - github

Summary

Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then DaoAuthenticationProvider's timing attack defense can be bypassed for users who are disabled, expired, or locked. This issue affects Spring Security: from 5.7.0 through 5.7.22, from 5.8.0 through 5.8.24, from 6.3.0 through 6.3.15, from 6.5.0 through 6.5.9, from 7.0.0 through 7.0.4.

EPSS Score⁠: 0.00054 (0.166)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-208⁠

Observable Timing Discrepancy

ADVISORY - github

CWE-208⁠

Observable Timing Discrepancy

Impacted images

Advisories

NIST

CREATED

15 days ago

UPDATED

12 days ago

ADVISORY IDCVE-2026-22746⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-208⁠

CVSS SCORE

3.7low

GitHub

CREATED

15 days ago

UPDATED

7 days ago

ADVISORY IDGHSA-vxf7-qj7q-83fh⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-208⁠

CVSS SCORE

3.7low

Ubuntu

CREATED

15 days ago

UPDATED

14 days ago

ADVISORY IDCVE-2026-22746⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Chainguard

CREATED

1 day ago

UPDATED

1 day ago

ADVISORY ID

CGA-qmvm-mr2p-7qf9

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

6 days ago

UPDATED

6 days ago

ADVISORY ID

MINI-2mp3-8cc9-6f6j

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

6 days ago

UPDATED

6 days ago

ADVISORY ID

MINI-3h39-8gmw-m53v

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

6 days ago

UPDATED

6 days ago

ADVISORY ID

MINI-64pw-gjh2-q8g5

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

6 days ago

UPDATED

6 days ago

ADVISORY ID

MINI-7mcf-926p-hvx7

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

6 days ago

UPDATED

6 days ago

ADVISORY ID

MINI-7p6v-j7w7-829w

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

6 days ago

UPDATED

6 days ago

ADVISORY ID

MINI-9xh5-38jf-44x8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

6 days ago

UPDATED

6 days ago

ADVISORY ID

MINI-f2c9-x62v-384q

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

6 days ago

UPDATED

6 days ago

ADVISORY ID

MINI-f7rr-7gw2-wrxh

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

6 days ago

UPDATED

6 days ago

ADVISORY ID

MINI-jw8h-g94q-rmxf

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

2 days ago

UPDATED

2 days ago

ADVISORY ID

MINI-wvm2-6xg2-pvr9

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

minimos

CREATED

6 days ago

UPDATED

6 days ago

ADVISORY ID

MINI-xffh-48qc-hcpx

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY