CVE-2026-22754

ervlet Path Not Correctly Included in Path Matching of XML Authorization Rules

Description

Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised. This can lead to an authorization bypass.This issue affects Spring Security: from 7.0.0 through 7.0.4.

INFO

Published Date :

2026-04-22T05:32:48.172Z

Last Modified :

2026-04-22T15:59:52.492Z

Source :

vmware

AFFECTED PRODUCTS

The following products are affected by CVE-2026-22754 vulnerability.

Vendors	Products
Spring	Spring Security
Vmware	Spring Security

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-22754.

URL	Resource
https://spring.io/security/cve-2026-22754

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact