CyberRota
← Ana sayfaya dön

CVE-2026-47838

MEDIUM · CVSS 6.8 EPSS %0.12

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-10T00:16:54.897 · Çekilme zamanı: 2026-06-30T12:15:51.575045+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-47838
Severity
MEDIUM
CVSS
6.8
EPSS
%0.12

Orijinal NVD Açıklaması

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7.0 through 5.7.24; 5.8.0 through 5.8.26; 6.3.0 through 6.3.17; 6.4.0 through 6.4.17; 6.5.0 through 6.5.10.