CVE-2026-22748 | Vmware Spring Security up to 6.3.14/6.4.14/6.5.9/7.0.4 JWT Decoding NimbusJwtDecoder/NimbusReactiveJwtDecoder

Inserito da Angelo Barbosa | Apr 22, 2026 | CVE

A vulnerability, which was classified as problematic, has been found in Vmware Spring Security up to 6.3.14/6.4.14/6.5.9/7.0.4. This vulnerability affects the function NimbusJwtDecoder/NimbusReactiveJwtDecoder of the component JWT Decoding. Performing a manipulation results in an unknown weakness.

This vulnerability is cataloged as CVE-2026-22748. It is possible to initiate the attack remotely. There is no exploit available.

It is advisable to upgrade the affected component.

CVE-2026-22748 | Vmware Spring Security up to 6.3.14/6.4.14/6.5.9/7.0.4 JWT Decoding NimbusJwtDecoder/NimbusReactiveJwtDecoder

Post correlati

CVE-2026-21870 | bacnet-stack up to 1.4.2/1.5.0.rc2 tokenizer.c tokenizer_string off-by-one (GHSA-pc83-wp6w-93mx)

CVE-2026-2183 | Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73 /restructured/csv.php unrestricted upload

CVE-2026-1286 | Schneider Electric EcoStruxure Foxboro DCS up to 8.0 Project File deserialization (SEVD-2026-069-03)

CVE-2024-22027 | AYS Pro Plugins Quiz Maker Plugin prior 6.5.0.6 on WordPress denial of service