CVE-2026-40988

Updated on 09 Jun 2026

Severity

7.5 High severity

Details

CVSS score
7.5
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Overview

About vulnerability

Description

An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory.
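The weakness described above is a decompression sink with no ceiling: the HTTP-Redirect binding carries the SAML message as a Base64-encoded raw-DEFLATE blob in a query parameter, so a few kilobytes on the wire can expand to a very large document in heap. The following is an added illustration (it is not Spring Security's code and not the project's fix) of the defensive pattern: inflate into a sink that refuses to grow past a fixed limit. The 1 MiB ceiling, the class names and the sample messages are all constructed for this example.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.zip.Deflater;
import java.util.zip.DeflaterOutputStream;
import java.util.zip.Inflater;
import java.util.zip.InflaterOutputStream;

/** Illustrative bounded inflation for a REDIRECT-binding SAML parameter (example code, not Spring Security's). */
public final class BoundedSamlInflater {

    /** Thrown when the inflated output would exceed the configured ceiling. */
    public static final class PayloadTooLargeException extends RuntimeException {
        PayloadTooLargeException(String msg) { super(msg); }
    }

    /** A byte sink that refuses to grow past a fixed number of bytes. */
    static final class BoundedByteArrayOutputStream extends ByteArrayOutputStream {
        private final int limit;

        BoundedByteArrayOutputStream(int limit) { this.limit = limit; }

        @Override
        public synchronized void write(int b) {
            checkLimit(1);
            super.write(b);
        }

        @Override
        public synchronized void write(byte[] b, int off, int len) {
            checkLimit(len);
            super.write(b, off, len);
        }

        private void checkLimit(int extra) {
            // 'count' is the number of bytes already buffered (protected field of ByteArrayOutputStream)
            if (count + extra > limit) {
                throw new PayloadTooLargeException("inflated SAML payload exceeds " + limit + " bytes");
            }
        }
    }

    /**
     * Base64-decode and inflate a SAMLRequest/SAMLResponse query parameter, aborting as soon as the
     * decompressed size would pass maxBytes. Raw DEFLATE (nowrap=true) is what the HTTP-Redirect
     * binding specifies, so the Inflater is created in nowrap mode.
     */
    public static String inflate(String base64Deflated, int maxBytes) throws IOException {
        byte[] compressed = Base64.getDecoder().decode(base64Deflated);
        BoundedByteArrayOutputStream sink = new BoundedByteArrayOutputStream(maxBytes);
        Inflater inflater = new Inflater(true);
        try (InflaterOutputStream out = new InflaterOutputStream(sink, inflater)) {
            out.write(compressed);
        } finally {
            inflater.end();
        }
        return sink.toString(StandardCharsets.UTF_8);
    }

    /** Helper used only to build the constructed inputs below: raw DEFLATE then Base64, as an SP/IdP would encode. */
    static String deflateAndEncode(String xml) throws IOException {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        Deflater deflater = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        try (DeflaterOutputStream out = new DeflaterOutputStream(bytes, deflater)) {
            out.write(xml.getBytes(StandardCharsets.UTF_8));
        } finally {
            deflater.end();
        }
        return Base64.getEncoder().encodeToString(bytes.toByteArray());
    }

    public static void main(String[] args) throws IOException {
        int limit = 1 << 20; // 1 MiB ceiling, an assumed value; real SAML messages are far smaller

        // Constructed message of ordinary size: inflates normally.
        String normal = "<samlp:AuthnRequest ID=\"_example\" Version=\"2.0\"/>";
        System.out.println("normal: " + inflate(deflateAndEncode(normal), limit));

        // Constructed oversized message: 8 MiB of padding compresses to a few KB but must be rejected.
        String oversized = "<samlp:AuthnRequest>" + " ".repeat(8 << 20) + "</samlp:AuthnRequest>";
        try {
            inflate(deflateAndEncode(oversized), limit);
        } catch (PayloadTooLargeException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The check sits in the sink rather than after inflation because the whole point is to stop allocating before the limit is crossed; measuring the result afterwards would still let the expansion consume memory. The thrown exception is unchecked so that it escapes `InflaterOutputStream.close()`, which otherwise keeps inflating while it finishes the stream.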

Affected Spring Products and Versions

Spring Security:

  • 5.7.0 - 5.7.23
  • 5.8.0 - 5.8.25
  • 6.3.0 - 6.3.16
  • 6.4.0 - 6.4.16
  • 6.5.0 - 6.5.10
  • 7.0.0 - 7.0.5
  • Older, unsupported versions are also affected.

Mitigation

Users of affected versions should upgrade to the corresponding fixed version.

Affected version(s)   Fix version   Availability
5.7.x                 5.7.24        Enterprise Support Only
5.8.x                 5.8.26        Enterprise Support Only
6.3.x                 6.3.17        Enterprise Support Only
6.4.x                 6.4.17        Enterprise Support Only
6.5.x                 6.5.11        OSS
7.0.x                 7.0.6         OSS

Note that for SAML Login, it is also recommended to disallow SAML Responses in GET requests by using OpenSaml5AuthenticationTokenConverter#setShouldConvertGetRequests(false).
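The recommendation above, wired into a Spring Security Java configuration, as an added example that is not part of the advisory: the converter is constructed against the application's RelyingPartyRegistrationRepository, told not to accept SAML Responses arriving by GET, and handed to the SAML 2.0 Login configurer. The class and bean names are assumed, and the import path for OpenSaml5AuthenticationTokenConverter is assumed to match the reader's Spring Security version.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.web.authentication.OpenSaml5AuthenticationTokenConverter;
import org.springframework.security.web.SecurityFilterChain;

// Example configuration (not from the advisory): hardens SAML 2.0 Login by refusing Responses sent via GET.
@Configuration
@EnableWebSecurity
public class SamlLoginHardeningConfig {

    @Bean
    SecurityFilterChain samlFilterChain(HttpSecurity http,
                                        RelyingPartyRegistrationRepository registrations) throws Exception {
        // The converter resolves the RelyingPartyRegistration for the incoming request and
        // turns the SAML Response into an Authentication token.
        OpenSaml5AuthenticationTokenConverter converter =
                new OpenSaml5AuthenticationTokenConverter(registrations);

        // Only accept SAML Responses delivered by the POST binding; a Response in a GET
        // request is ignored instead of being decoded and inflated.
        converter.setShouldConvertGetRequests(false);

        http
            .authorizeHttpRequests(authz -> authz.anyRequest().authenticated())
            .saml2Login(saml2 -> saml2.authenticationConverter(converter));

        return http.build();
    }
}
```

This setting is a hardening measure for the Login flow only; it does not replace the upgrade to a fixed version, which is what bounds the inflation for both Login and Logout.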

Credit

The issue was identified and responsibly reported anonymously.

References

History

  • 2026-06-09: Initial vulnerability report published.

Details

Affected product:
Apache CXF, Apache Log4j, Spring
Affected packages:
Spring Security @ 6.4.3 (+957 more)