CVE-2026-40993

HIGH NVD

CVSS Score 7.3

Severity HIGH

Published Jun 10, 2026

Vendor unknown

Description

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials (verification_credentials and encryption_credentials, respectively). Affected versions: Spring Security 7.0.0 through 7.0.5.

References

https://spring.io/security/cve-2026-40993