PatchSiren cyber security CVE debrief
CVE-2026-22752 Spring Security CVE debrief
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T10:16:24.767Z and has not been modified since then. CVE-2026-22752 is an authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. The issue affects multiple versions of Spring Authorization Server, including 7.0.0 through 7.0.4, 1.5.0 through 1.5.6, 1.4.0 through 1.4.9, and 1.3.0 through 1.3.10. The vulnerability has a CVSS score of 9.6 and is classified as CRITICAL. Users of Spring Authorization Server versions from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10 should review and apply patches or mitigations.
- Vendor
- Spring Security
- Product
- Spring Authorization Server
- CVSS
- CRITICAL 9.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-16
- Original CVE updated
- 2026-07-16
- Advisory published
- 2026-07-16
- Advisory updated
- 2026-07-16
Who should care
Users of Spring Authorization Server versions from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10 should review and apply patches or mitigations. This includes operators, platform administrators, vulnerability management teams, and security teams who need to assess the impact of this vulnerability on their systems and take appropriate actions.
Technical summary
CVE-2026-22752 is an authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. The issue affects multiple versions of Spring Authorization Server, including 7.0.0 through 7.0.4, 1.5.0 through 1.5.6, 1.4.0 through 1.4.9, and 1.3.0 through 1.3.10. The vulnerability has a CVSS score of 9.6 and is classified as CRITICAL. This vulnerability allows attackers to bypass authentication mechanisms, potentially leading to unauthorized access. Users should review and apply patches or mitigations for affected Spring Authorization Server versions.
Defensive priority
High priority due to critical severity and potential for authentication bypass.
Recommended defensive actions
- Review and apply patches or mitigations for affected Spring Authorization Server versions.
- Inventory and verify versions of Spring Authorization Server in use.
- Monitor for potential exploitation attempts.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
Evidence notes
Evidence is limited; verification of vulnerability details and affected versions is recommended. The CVE record was published on 2026-07-16T10:16:24.767Z and has not been modified since then. Users should verify the affected versions of Spring Authorization Server, including 7.0.0 through 7.0.4, 1.5.0 through 1.5.6, 1.4.0 through 1.4.9, and 1.3.0 through 1.3.10.
Official resources
-
CVE-2026-22752 CVE record
CVE.org
-
CVE-2026-22752 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-16T10:16:24.767Z and has not been modified since then.