CVE-2026-47838 MEDIUM

CVE-2026-47838: Unauthorized User Impersonation when Using X.509 Client Certificates

Vendor Spring
Product Spring Security
Weakness CWE-287 · Improper authentication
Published June 9, 2026
Last update June 11, 2026

CVSS base score

6.8/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate, this can lead to an attacker impersonating another user. Affected versions: Spring Security 5.7.0 through 5.7.24; 5.8.0 through 5.8.26; 6.3.0 through 6.3.17; 6.4.0 through 6.4.17; 6.5.0 through 6.5.10.

Key dates

02Disclosure timeline

June 9, 2026 CVE published
June 11, 2026 Record updated