CVE-2026-40993
HIGH SEVERITYCVSS Score & Metrics
Base Score
7.3 / 10
Vector String
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
Vulnerability Description
An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials (verification_credentials and encryption_credentials, respectively).
Affected versions:
Spring Security 7.0.0 through 7.0.5.
Affected versions:
Spring Security 7.0.0 through 7.0.5.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-502
Source
NVD
Vendor
Spring
Product
Spring Security
Discussion (0)
Add Comment
No comments yet. Be the first!