Spring Security User Impersonation Vulnerability via Malformed X.509 Certificate CN Values

Vulnerability

A vulnerability exists in Spring Security versions 7.0.0 prior to 7.0.4, within the 'SubjectX500PrincipalExtractor' component. The extractor does not correctly handle certain malformed X.509 certificate Common Name (CN) values, so it can derive the wrong username from the subject, potentially allowing an attacker who presents a specially crafted certificate to impersonate another user. The component sits in Spring Security's pre-authentication flow, which relies on credentials having already been validated by a trusted source upstream (for example a TLS-terminating proxy); exploiting this issue therefore assumes that trust has been compromised.

Impact

Successful exploitation allows for unauthorized user impersonation, where an attacker can assume the identity of another user within the application.

Remediation

Users should upgrade to Spring Security version 7.0.5, which addresses this vulnerability. This fix is available in the open-source version.
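As an added illustration of the defensive shape such an extractor should have (this is not Spring Security's own code or its fix, which is the 7.0.5 upgrade above), the following custom 'X509PrincipalExtractor' parses the subject DN with the JDK's RFC 2253 parser instead of pattern matching, and yields no principal at all for anything ambiguous; the class name, the username allowlist pattern and the wiring comment are assumptions.

```java
import java.security.cert.X509Certificate;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;

/**
 * Hypothetical strict CN extractor. Returning null tells the pre-authentication
 * filter that no principal was found, so no authentication is attempted.
 */
public class StrictCnPrincipalExtractor implements X509PrincipalExtractor {

    // Assumed application policy: usernames are simple tokens, nothing else is accepted.
    private static final Pattern USERNAME = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    @Override
    public Object extractPrincipal(X509Certificate cert) {
        String dn = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
        String cn = null;
        try {
            for (Rdn rdn : new LdapName(dn).getRdns()) {
                if (rdn.size() != 1) {
                    return null;            // multi-valued RDN (e.g. "CN=a+OU=b") is ambiguous
                }
                if (!"CN".equalsIgnoreCase(rdn.getType())) {
                    continue;
                }
                if (cn != null) {
                    return null;            // two CN attributes: no single username to trust
                }
                Object value = rdn.getValue();
                if (!(value instanceof String)) {
                    return null;            // hex/binary-encoded value is not a username
                }
                cn = (String) value;
            }
        } catch (InvalidNameException e) {
            return null;                    // unparsable subject: treat as no credential
        }
        if (cn == null || !USERNAME.matcher(cn).matches()) {
            return null;                    // missing CN, or one outside the allowed charset
        }
        return cn;
    }
    // Assumed wiring inside a SecurityFilterChain bean:
    // http.x509(x509 -> x509.x509PrincipalExtractor(new StrictCnPrincipalExtractor()));
}
```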

Added: Apr 22, 2026, 6:20 AM
Updated: Apr 22, 2026, 6:20 AM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 0.6
exploitability: 4.1
remediation: 7.7
relevance: 6.5
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.