Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates

GHSA-2jrg-rf5x-568g · CVE-2026-22747

Published Apr 22, 2026 · Modified May 5, 2026

Description

Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user.
This issue affects Spring Security: from 7.0.0 through 7.0.4.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2026-22747
WEB https://github.com/spring-projects/spring-security/commit/88118afb8f9357ae7cc215500a441e89fee701c3
PACKAGE https://github.com/spring-projects/spring-security
WEB https://spring.io/security/cve-2026-22747

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes