logo

Database

Server-side request forgery (SSRF) In org.springframework.security:spring-security-web

Description

Spring Security HTTP Headers Are not Written Under Some Conditions When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written.  This issue affects Spring Security: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2026-227322. NVD-2026-227323. OSV-2026-227324. GCVE-2026-22732

References

1. https://spring.io/security/cve-2026-22732

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.