CVE-2026-41706
Status: Received - Intake
Open Redirect via Unvalidated Cookie in Spring Security

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: VMware

Description
Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is used without validation as the post-login redirect target. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.
Affected Vendors & Products
Six CPE ranges are associated with this CVE; every range is inclusive at both ends.

Vendor   Product           Affected version range
vmware   spring_security   5.7.0 through 5.7.23
vmware   spring_security   5.8.0 through 5.8.25
vmware   spring_security   6.3.0 through 6.3.16
vmware   spring_security   6.4.0 through 6.4.16
vmware   spring_security   6.5.0 through 6.5.10
vmware   spring_security   7.0.0 through 7.0.5
CWE
CWE-601 URL Redirection to Untrusted Site ('Open Redirect'): the web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Compliance Impact

This vulnerability lets an attacker who can set the REDIRECT_URI cookie send an authenticated user to an attacker-controlled URL immediately after login, which is a strong phishing primitive: the victim has just authenticated on the legitimate site and is then landed on an attacker page.

Credentials or personal data disclosed on such a page can put an organisation in breach of data-protection obligations such as GDPR or HIPAA, which require safeguarding user data against unauthorised access.

The advisory itself does not discuss compliance impact; the above is an inference from the vulnerability class, not a statement from the source.

Executive Summary

CVE-2026-41706 is a security vulnerability in Spring Security's CookieRequestCache and CookieServerRequestCache components. These components store the pre-authentication request URL in a browser cookie to redirect users back to their intended destination after login.

In affected versions, the full absolute URL, including scheme, host, and port, is stored in the cookie without validation and used as the post-login redirect target.

Exploitation requires the attacker to set or modify the REDIRECT_URI cookie for the application's domain; the vulnerable code path does not itself provide a way to do that. Plausible routes are cookie injection from a related subdomain (browsers send cookies set for a parent domain to every host under it), HTTP response splitting in the application or a front end, or a network position that allows injecting the cookie over plaintext HTTP (a protocol downgrade). Once the cookie is in place, a user who completes login is redirected to the attacker-controlled URL, enabling phishing.

Impact Analysis

An attacker who can plant the REDIRECT_URI cookie controls where a user lands the moment they finish logging in.

Because the redirect is issued by the legitimate site after a genuine authentication, a phishing page at the destination (for example one that claims the session expired and asks for the password again) is far more convincing than a cold phishing link, and the victim's browser shows a history of having just been on the real site.

The precondition is the ability to set a cookie that the browser will send to the application: cookie injection from a related subdomain, HTTP response splitting, or a protocol downgrade that lets plaintext HTTP set the cookie. Without one of these, the issue is not directly exploitable, which is why the attack is best thought of as a way to turn an otherwise low-value cookie-injection primitive into a credible phishing redirect.

Detection Guidance

Neither CookieRequestCache (Servlet) nor CookieServerRequestCache (WebFlux) is Spring Security's default RequestCache (the defaults are session-backed), so an application is affected only if it explicitly configures one of them and resolves an affected spring-security version. Check both conditions: search the code base and configuration for the two class names, and confirm the resolved Spring Security version in the build's dependency tree rather than trusting the declared one.

In traffic, use of the cookie cache is visible as a Set-Cookie response for REDIRECT_URI on an unauthenticated request, and the cookie is sent back on the subsequent login request. Because the stored value is a full absolute URL, any REDIRECT_URI whose scheme, host or port differs from the application's own origin, or that carries a non-http(s) scheme, is either corruption or an exploitation attempt and is worth alerting on.

The advisory itself provides no detection commands or signatures.
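The origin check described above, run over captured requests, as an added example that is not part of this advisory or of Spring Security's own code. It parses the Cookie header of constructed sample requests, decodes the REDIRECT_URI value, and flags any redirect target that is not an exact scheme, host and port match for the application. The application origin https://app.example.com, the sample traffic and the Base64 encoding of the cookie value (the encoding CookieRequestCache applies when it saves the URL) are assumptions; a value that is not valid Base64 is inspected as-is so that a tampered plaintext value is not skipped.

```python
"""Flag anomalous REDIRECT_URI cookies in captured requests (CVE-2026-41706).

Added illustration, not Spring Security code. Assumptions: the application's
origin is https://app.example.com and the cookie value is Base64-encoded, as
CookieRequestCache does when it saves the pre-authentication URL.
"""
import base64
import binascii
from urllib.parse import urlsplit

COOKIE_NAME = "REDIRECT_URI"
APP_ORIGIN = "https://app.example.com"  # assumed application origin


def parse_cookie_header(header: str) -> dict:
    """Split a Cookie request header into name -> value (split on the first '=')."""
    cookies = {}
    for pair in header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep and name:
            cookies[name] = value.strip()
    return cookies


def decode_redirect_cookie(value: str) -> str:
    """Return the URL held by a REDIRECT_URI cookie, Base64-decoded when possible."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return value  # not Base64: inspect the raw value rather than skip it


def origin_of(url: str) -> tuple:
    """(scheme, host, port) with default ports filled in; ValueError on a bad port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port
    if port is None:
        port = {"http": 80, "https": 443}.get(scheme)
    return scheme, (parts.hostname or "").lower(), port


def classify_redirect(url: str, app_origin: str = APP_ORIGIN) -> str:
    """Classify a post-login redirect target relative to the application origin.

    Only an exact scheme+host+port match is 'same-origin': a lookalike host,
    a sibling subdomain, or the same host over plain http are all
    'cross-origin', matching the subdomain-injection and downgrade scenarios.
    """
    if url.startswith("/") and not url.startswith("//"):
        return "relative"
    try:
        target = origin_of(url)
    except ValueError:
        return "malformed"
    if target[0] not in ("http", "https") or not target[1]:
        return "malformed"  # javascript:, data:, scheme-relative //host, etc.
    return "same-origin" if target == origin_of(app_origin) else "cross-origin"


def scan_requests(requests, app_origin: str = APP_ORIGIN) -> list:
    """Return one finding per request whose REDIRECT_URI cookie is not safe."""
    findings = []
    for client, request_line, cookie_header in requests:
        cookies = parse_cookie_header(cookie_header)
        if COOKIE_NAME not in cookies:
            continue
        url = decode_redirect_cookie(cookies[COOKIE_NAME])
        verdict = classify_redirect(url, app_origin)
        if verdict not in ("same-origin", "relative"):
            findings.append({"client": client, "request": request_line,
                             "redirect": url, "verdict": verdict})
    return findings


def _b64(url: str) -> str:
    return base64.b64encode(url.encode()).decode()


# Constructed sample traffic (client, request line, Cookie header); not real logs.
SAMPLE_REQUESTS = [
    ("10.0.0.5", "GET /login HTTP/1.1",
     "JSESSIONID=abc; REDIRECT_URI=" + _b64("https://app.example.com/account/settings")),
    ("10.0.0.9", "GET /login HTTP/1.1",
     "REDIRECT_URI=" + _b64("https://app.example.com.evil-login.test/account")),
    ("10.0.0.9", "GET /login HTTP/1.1",
     "REDIRECT_URI=" + _b64("http://app.example.com/account")),  # scheme downgrade
    ("10.0.0.12", "GET /login HTTP/1.1",
     "REDIRECT_URI=https://evil.test/phish"),                     # tampered, not Base64
    ("10.0.0.14", "GET /login HTTP/1.1",
     "REDIRECT_URI=" + _b64("javascript:alert(1)")),              # non-http scheme
    ("10.0.0.13", "GET /login HTTP/1.1", "JSESSIONID=def"),        # no cached redirect
]

if __name__ == "__main__":
    for finding in scan_requests(SAMPLE_REQUESTS):
        print(f"{finding['verdict']:12} {finding['client']:10} {finding['redirect']}")
```

The comparison is deliberately an exact origin match rather than a suffix match on the host: a suffix check would accept app.example.com.evil-login.test, and a host-only check would accept the http downgrade of the same host, which is exactly the case the advisory calls out.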

Mitigation Strategies

The primary and immediate mitigation step is to upgrade Spring Security to a fixed version that addresses this vulnerability.

  • Upgrade to version 5.7.24 if you are using 5.7.0 through 5.7.23.
  • Upgrade to version 5.8.26 if you are using 5.8.0 through 5.8.25.
  • Upgrade to version 6.3.17 if you are using 6.3.0 through 6.3.16.
  • Upgrade to version 6.4.17 if you are using 6.4.0 through 6.4.16.
  • Upgrade to version 6.5.11 if you are using 6.5.0 through 6.5.10.
  • Upgrade to version 7.0.6 if you are using 7.0.0 through 7.0.5.

No additional steps are required after upgrading. If an immediate upgrade is not possible, replacing CookieRequestCache or CookieServerRequestCache with Spring Security's session-backed defaults (HttpSessionRequestCache for Servlet, WebSessionServerRequestCache for WebFlux) removes the vulnerable component, at the cost of the stateless behaviour the cookie-backed cache was chosen for.
