Description
Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.
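The weakness is an ordering problem: ciphertext from a SAML message is processed before the message's signature has been checked, so anyone who can submit a message to the Service Provider can watch how decryption of attacker-controlled ciphertext succeeds or fails. The following added example (not Spring Security's code, and not the patch for this CVE) models that ordering with the Python standard library only: the XML, the keys and the HMAC-based "signature" and XOR "cipher" are constructed stand-ins for XMLDSig and XMLEnc, and the names `process_vulnerable`, `process_hardened`, `build_idp_response` and `strip_signature` are assumptions of this example. It shows that the decrypt-then-verify path still touches the ciphertext of an unsigned message, while the verify-then-decrypt path rejects it without ever decrypting.

```python
"""Verify-before-decrypt for a SAML Response, modelled with stdlib only.

Constructed example: keys, XML and the toy primitives below stand in for
XMLDSig / XMLEnc so that the code runs offline. The point is only the ORDER
of signature verification versus decryption (CWE-347 as described above).
"""
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET
from dataclasses import dataclass

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
for _prefix, _uri in NS.items():          # fixed prefixes => deterministic serialization
    ET.register_namespace(_prefix, _uri)

IDP_SIG_KEY = b"constructed-idp-signing-key"    # stand-in for the IdP signing key
SP_DEC_KEY = b"constructed-sp-decryption-key"   # stand-in for the SP private key


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 counter keystream; a toy cipher, not XMLEnc."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def toy_encrypt(key: bytes, plaintext: bytes) -> str:
    nonce = hashlib.sha256(plaintext).digest()[:8]   # deterministic nonce (constructed)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return base64.b64encode(nonce + ct).decode()


def toy_decrypt(key: bytes, b64: str) -> bytes:
    raw = base64.b64decode(b64)
    nonce, ct = raw[:8], raw[8:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def _signed_bytes(response_el: ET.Element) -> bytes:
    """Serialize the Response without its Signature (enveloped-signature stand-in)."""
    clone = copy.deepcopy(response_el)
    for sig in clone.findall("ds:Signature", NS):
        clone.remove(sig)
    return ET.tostring(clone)


def _verify_signature(response_el: ET.Element, sig_key: bytes) -> bool:
    sig = response_el.find("ds:Signature", NS)
    if sig is None or not sig.text:
        return False
    expected = hmac.new(sig_key, _signed_bytes(response_el), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig.text)


def _decrypt_assertion(response_el: ET.Element, dec_key: bytes) -> bytes:
    enc = response_el.find("saml:EncryptedAssertion", NS)
    if enc is None or not enc.text:
        raise ValueError("no EncryptedAssertion")
    plaintext = toy_decrypt(dec_key, enc.text)
    ET.fromstring(plaintext)          # the SP parses the recovered Assertion; may raise
    return plaintext


@dataclass
class Outcome:
    accepted: bool
    decryption_attempted: bool   # True if attacker-supplied ciphertext was processed
    reason: str


def process_vulnerable(xml_bytes: bytes, sig_key: bytes, dec_key: bytes) -> Outcome:
    """Decrypt first, verify afterwards: the ordering the advisory describes."""
    root = ET.fromstring(xml_bytes)
    try:
        plaintext = _decrypt_assertion(root, dec_key)
    except Exception as exc:   # distinct error paths are exactly what an oracle observes
        return Outcome(False, True, f"decryption error: {exc}")
    if not _verify_signature(root, sig_key):
        return Outcome(False, True, "signature invalid, but ciphertext was already processed")
    return Outcome(True, True, plaintext.decode())


def process_hardened(xml_bytes: bytes, sig_key: bytes, dec_key: bytes) -> Outcome:
    """Verify first: unsigned or badly signed messages never reach the decryptor."""
    root = ET.fromstring(xml_bytes)
    if not _verify_signature(root, sig_key):
        return Outcome(False, False, "signature invalid: rejected before any decryption")
    return Outcome(True, True, _decrypt_assertion(root, dec_key).decode())


def build_idp_response(sig_key: bytes, dec_key: bytes, assertion_xml: bytes) -> bytes:
    """What a legitimate IdP sends: encrypted Assertion inside a signed Response."""
    root = ET.Element(f"{{{NS['samlp']}}}Response", {"ID": "_resp-1", "Version": "2.0"})
    ET.SubElement(root, f"{{{NS['saml']}}}EncryptedAssertion").text = toy_encrypt(dec_key, assertion_xml)
    mac = hmac.new(sig_key, _signed_bytes(root), hashlib.sha256).hexdigest()
    ET.SubElement(root, f"{{{NS['ds']}}}Signature").text = mac
    return ET.tostring(root)


def strip_signature(xml_bytes: bytes) -> bytes:
    """Model of the unsigned payload the advisory warns about (ciphertext kept)."""
    root = ET.fromstring(xml_bytes)
    for sig in root.findall("ds:Signature", NS):
        root.remove(sig)
    return ET.tostring(root)


if __name__ == "__main__":
    assertion = b'<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject></saml:Assertion>'
    genuine = build_idp_response(IDP_SIG_KEY, SP_DEC_KEY, assertion)
    unsigned = strip_signature(genuine)
    print("vulnerable:", process_vulnerable(unsigned, IDP_SIG_KEY, SP_DEC_KEY))
    print("hardened:  ", process_hardened(unsigned, IDP_SIG_KEY, SP_DEC_KEY))
```

Both paths reject the unsigned message, but only the hardened one rejects it without running the decryptor, which is the property that closes the oracle; in a real SP the fix is to take the patched Spring Security release rather than to reimplement this logic.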
Problem types
CWE-347: Improper Verification of Cryptographic Signature
Product status
5.7.0 and later, before 5.7.24
5.8.0 and later, before 5.8.26
6.3.0 and later, before 6.3.17
6.4.0 and later, before 6.4.17
6.5.0 and later, before 6.5.11
7.0.0 and later, before 7.0.6
References
spring.io/security/cve-2026-41694