CVE-2026-41003

HIGH NVD

CVSS Score 7.6

Severity HIGH

Published Jun 10, 2026

Vendor unknown

Description

An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.

References

https://spring.io/security/cve-2026-41003