Back to CVE List

CVE-2026-22748

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
5.3 / 10
Vector String
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Vulnerability Description

Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder  or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator<Jwt> separately, for example by calling setJwtValidator.This issue affects Spring Security: from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.9, from 7.0.0 through 7.0.4.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-20
Source
NVD
Vendor
Spring
Product
Spring Security

External References

Discussion (0)

Add Comment

No comments yet. Be the first!