Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server.
This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10.
Metrics
Affected Vendors & Products
References
| Link | Providers |
|---|---|
| https://spring.io/security/cve-2026-22752 |
|
History
Thu, 16 Jul 2026 13:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 16 Jul 2026 09:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Authentication bypass by primary weakness vulnerability in Spring Security Spring Authorization Server. This issue affects Spring Authorization Server: from 7.0.0 through 7.0.4, from 1.5.0 through 1.5.6, from 1.4.0 through 1.4.9, from 1.3.0 through 1.3.10. | |
| Title | Spring Security Authorization Server Dynamic Client Registration endpoints perform insufficient validation of client metadata | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: vmware
Published:
Updated: 2026-07-16T12:16:22.917Z
Reserved: 2026-01-09T06:55:03.990Z
Link: CVE-2026-22752
Updated: 2026-07-16T12:16:15.955Z
No data.
No data.
OpenCVE Enrichment
No data.