9.1
Spring Security Web: Unauthorized Access via Malicious URLs
ROOT-APP-MAVEN-CVE-2026-22732
Summary
A security issue in Spring Security Web could allow attackers to bypass security checks using specially crafted URLs. This affects users of Spring Security Web who have not updated to a patched version. We recommend updating to a fixed version of Spring Security Web to prevent unauthorized access.
What to do
- Update io.root.org.springframework.security:spring-security-web to version 6.3.3-root.io.1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Root:Maven | – | io.root.org.springframework.security:spring-security-web | < 6.3.3-root.io.1 (Fix: upgrade to 6.3.3-root.io.1) |
Original title
CVE-2026-22732 in io.root.org.springframework.security:spring-security-web - Patched by Root
Original description
Root has patched CVE-2026-22732 in the io.root.org.springframework.security:spring-security-web package for Root:Maven. Multiple fixed versions available.
osv CVSS3.1: 9.1
Published: 25 May 2026 · Updated: 29 May 2026 · First seen: 29 May 2026