Description
Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is used without validation as the post-login redirect target. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; 7.0.0 through 7.0.5.
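The defensive pattern implied by this description is to treat the value recovered from the cookie as untrusted input and reduce it to a same-application target before redirecting. The following is an added illustration of such a check in plain Java; it is not code from Spring Security or from the fix for this CVE, and the class name, method name and the ownHost parameter are assumptions chosen for the example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Optional;

/**
 * Added example, not Spring Security code: reduce a redirect target recovered from an
 * untrusted cookie to a same-application path before using it after login.
 */
public final class SavedRequestRedirect {

    private SavedRequestRedirect() {}

    /**
     * Returns a safe, application-local redirect target, or empty if the stored value
     * must be discarded and the default post-login page used instead.
     *
     * @param stored  raw value read from the cookie (untrusted)
     * @param ownHost the application's own host name (assumed parameter, e.g. "app.example.com")
     */
    public static Optional<String> safeTarget(String stored, String ownHost) {
        if (stored == null || stored.isEmpty()) {
            return Optional.empty();
        }
        // Some browsers treat "/\evil.example" as scheme-relative; reject backslashes outright.
        if (stored.indexOf('\\') >= 0) {
            return Optional.empty();
        }
        final URI uri;
        try {
            uri = new URI(stored);
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
        if (uri.getHost() != null) {
            // Absolute or scheme-relative ("//evil.example/x") URL: only our own host is allowed.
            if (!uri.getHost().equalsIgnoreCase(ownHost)) {
                return Optional.empty();
            }
        } else if (uri.getScheme() != null || uri.getAuthority() != null) {
            // Opaque URIs such as "javascript:..." or "mailto:..." are never redirect targets.
            return Optional.empty();
        }
        // Whatever the input looked like, hand back only a root-relative path plus query.
        String path = uri.getRawPath();
        if (path == null || !path.startsWith("/")) {
            return Optional.empty();
        }
        String query = uri.getRawQuery();
        return Optional.of(query == null ? path : path + "?" + query);
    }

    public static void main(String[] args) {
        String host = "app.example.com";
        // Constructed sample inputs: the first two are accepted, the rest are discarded.
        String[] samples = {
            "/account/orders?page=2",
            "https://app.example.com/account",
            "https://attacker.example/phish",
            "//attacker.example/phish",
            "javascript:alert(1)",
            "account/orders"
        };
        for (String s : samples) {
            System.out.println(s + " -> " + safeTarget(s, host).orElse("<discarded>"));
        }
    }
}
```

The check returns a root-relative path even when the stored value was an absolute URL for the application's own host, so the redirect can never leave the origin regardless of what was written into the cookie. Callers that receive an empty result should fall back to the application's default post-login page rather than echo the stored value in any form.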
Problem types
CWE-601: URL Redirection to Untrusted Site (Open Redirect)
Product status
5.7.0 (custom) before 5.7.24
5.8.0 (custom) before 5.8.26
6.3.0 (custom) before 6.3.17
6.4.0 (custom) before 6.4.17
6.5.0 (custom) before 6.5.11
7.0.0 (custom) before 7.0.6
References
spring.io/security/cve-2026-41706