CVE-2026-9370 | ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4 Password Hash SimpleGCMConfig.java getSecretKeySaltGenerator hash predictable salt (Issue 431)

A vulnerability, which was classified as problematic, was found in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4. Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password Hash Handler. Executing a manipulation can lead to use of a one-way hash with a predictable salt.

This vulnerability is tracked as CVE-2026-9370. The attack can be launched remotely. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-9370 | ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4 Password Hash SimpleGCMConfig.java getSecretKeySaltGenerator hash predictable salt (Issue 431)

Post correlati

CVE-2025-7632 | Zoho ManageEngine Exchange Reporter Plus up to 5723 Public Folders Report cross site scripting

CVE-2024-9525 | Avira Prime prior 6.27 System Speedup Service link following

CVE-2026-6711 | ryhowa Website LLMs.txt Plugin up to 8.2.6 on WordPress filter_input tab cross site scripting (EUVD-2026-24071)

CVE-2024-35207 | Siemens SINEC Traffic Analyzer up to 1.1 Web Interface cross-site request forgery (ssa-196737)