CVE-2026-22752
Received
Received - Intake
Authentication Bypass in Spring Authorization Server
Vulnerability report for CVE-2026-22752, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-16
Last updated on: 2026-07-16
Assigner: VMware
Description
Description
Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server.
This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| spring | authorization_server | From 7.0.0 (inc) to 7.0.4 (inc) |
| spring | authorization_server | From 1.5.0 (inc) to 1.5.6 (inc) |
| spring | authorization_server | From 1.4.0 (inc) to 1.4.9 (inc) |
| spring | authorization_server | From 1.3.0 (inc) to 1.3.10 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |