CVE-2026-40993 HIGH

CVE-2026-40993: Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry

Vendor Spring

Product Spring Security

Weakness CWE-502 · Unsafe deserialization

Published June 9, 2026

Last update June 10, 2026

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Adjacent

Attack complexity High

Privileges required High

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H

What the vulnerability does

Description

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials (verification_credentials and encryption_credentials, respectively). Affected versions: Spring Security 7.0.0 through 7.0.5.

Key dates

Disclosure timeline

June 9, 2026 CVE published

June 10, 2026 Record updated