Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
Misconfigured Java-based web applications may expose user data
CVE-2025-68127
Summary
Some Java-based web applications may leak user data when handling user login attempts. This is due to a configuration issue that can allow unauthorized access to sensitive information. To fix this, update your application's configuration settings to ensure rejected login attempts are properly handled and do not expose user data.
Original title
Rejected reason: reserved but not needed
Original description
Rejected reason: reserved but not needed
Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026