Spring Security
cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*
- >= 7.0.0, <= 7.0.4
A vulnerability exists in Spring Security versions 7.0.0 through 7.0.4, where the servlet path defined in XML authorization rules is not properly included in path matching. This issue arises when using the `<sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/>` configuration. As a result, the associated authorization rules are not applied, potentially allowing unauthorized access to protected resources.
Exploitation of this vulnerability can lead to unauthorized access by bypassing defined authorization rules, allowing users to access endpoints without proper authentication or authorization.
Users can upgrade to Spring Security 7.0.5 to address this vulnerability. If an upgrade is not possible, the servlet path can be directly included in the URL pattern for the `intercept-url` element, using an appropriate `access` expression for the application.
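The affected rule and the advisory's workaround, side by side, as an added illustration that is not part of the advisory or of the Spring Security project. The `sec:intercept-url` element, the `servlet-path`, `pattern` and `access` attributes, and the `/servlet-path` and `/endpoint/**` values come from the advisory; the enclosing `<sec:http>` element is standard Spring Security namespace configuration, and the `hasRole('ADMIN')` access expression is an assumed placeholder for whatever the application actually requires.

```xml
<!-- Added example, not taken from the advisory or from Spring Security itself.
     Namespace declarations and the rest of the application context are omitted;
     only the intercept-url rules are shown. The two <sec:http> blocks are
     alternatives, not a combined configuration. -->

<!-- 1. Affected form on Spring Security 7.0.0 through 7.0.4: the servlet-path
        attribute is not included in path matching, so requests to
        /servlet-path/endpoint/... are not covered by this rule and the
        access expression is never evaluated for them. -->
<sec:http>
    <!-- hasRole('ADMIN') is an assumed example expression -->
    <sec:intercept-url servlet-path="/servlet-path"
                       pattern="/endpoint/**"
                       access="hasRole('ADMIN')"/>
</sec:http>

<!-- 2. Workaround when upgrading to 7.0.5 is not possible: drop the
        servlet-path attribute and write the servlet path into the pattern
        itself, so the rule matches the full request path. -->
<sec:http>
    <sec:intercept-url pattern="/servlet-path/endpoint/**"
                       access="hasRole('ADMIN')"/>
</sec:http>
```

Upgrading to 7.0.5 remains the primary remediation; the second block is only the interim change for deployments that must stay on an affected release, and each rule that used `servlet-path` needs the same treatment.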