CVE-2026-22753

medium Red Hat
CVSS v3 Base Score
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.1%
Exploitation probability in 30 days
Top 80% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
None
Integrity
None
Availability
High
Published: April 22, 2026 (79 days ago)
Last Modified: April 22, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in Spring Security. When an application uses specific configurations involving `securityMatchers(String)` and `PathPatternRequestMatcher.Builder` to handle servlet paths, the intended security controls may not be applied. This can result in a security bypass, where authentication and authorization mechanisms are rendered inactive, potentially allowing an attacker to gain unauthorized access or perform actions without proper validation.

CWE

CWE-551

Affected Products

OpenShift Developer Tools and ServicesRed Hat build of Apache Camel for Spring Boot 4Red Hat build of Apache Camel - HawtIO 4Red Hat build of QuarkusRed Hat Data Grid 8Red Hat Fuse 7Red Hat JBoss Enterprise Application Platform 7Red Hat JBoss Enterprise Application Platform 8Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat OpenShift Dev Spaces

References