Security Vulnerability Report
CVE-2026-22732 CVSS 9.1 CRITICAL

CVE-2026-22732

Published: 2026-03-19 23:16:41
Last Modified: 2026-04-16 04:29:25

Description

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP headers will not be written. This issue affects Spring Security Servlet applications using lazy (default) writing of HTTP headers: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3.

CVSS Details

CVSS Score
9.1
Severity
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:* - VULNERABLE in the following version ranges (first fixed release per branch taken from the versionEndExcluding values in the raw record below):
Spring Security 5.7.0 - 5.7.21 (fixed in 5.7.22)
Spring Security 5.8.0 - 5.8.23 (fixed in 5.8.24)
Spring Security 6.3.0 - 6.3.14 (fixed in 6.3.15)
Spring Security 6.4.0 - 6.4.14 (fixed in 6.4.15)
Spring Security 6.5.0 - 6.5.8 (fixed in 6.5.9)
Spring Security 7.0.0 - 7.0.3 (fixed in 7.0.4)
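The description and the version table above give two independent triage signals: whether a deployed Spring Security version falls inside a published affected range, and whether the security headers the application is supposed to emit are actually absent from a response. The following is an added example (not code from the advisory or from the Spring project) that encodes both checks offline. The version ranges are copied from this page; the expected-header list mirrors the three headers used by the PoC further down and is an assumption about what a given application configures; the sample responses are constructed, not captured from any real system.

```python
"""Offline triage helpers for CVE-2026-22732 (added example, not vendor code)."""
import re

# Affected ranges as published on this page: (first affected, first fixed).
# Start is inclusive, end is exclusive, matching NVD's versionEndExcluding.
AFFECTED_RANGES = [
    ("5.7.0", "5.7.22"),
    ("5.8.0", "5.8.24"),
    ("6.3.0", "6.3.15"),
    ("6.4.0", "6.4.15"),
    ("6.5.0", "6.5.9"),
    ("7.0.0", "7.0.4"),
]

# Headers the PoC on this page looks for. Assumption: the application under test
# actually configures all three; HSTS is only emitted on HTTPS responses.
EXPECTED_HEADERS = ("Content-Security-Policy", "X-Frame-Options", "Strict-Transport-Security")


def parse_version(version):
    """Turn '6.4.14' or '6.4.14-SNAPSHOT' into a comparable (major, minor, patch) tuple.

    Pre-release suffixes are dropped; assumption: they sort with their base version.
    """
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Spring Security version: {version!r}")
    return tuple(int(x) for x in m.groups())


def first_fixed(version):
    """Return the first fixed release on the same branch, or None if not in any range."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if parse_version(lo) <= v < parse_version(hi):
            return hi
    return None


def is_affected(version):
    """True if the given Spring Security version falls inside a published affected range."""
    return first_fixed(version) is not None


def missing_headers(headers, https=True):
    """Return the expected headers absent from `headers` (a {name: value} mapping).

    Names are compared case-insensitively, as HTTP requires, so a plain dict taken
    from a proxy log or HAR file does not produce false positives on case alone.
    Strict-Transport-Security is only expected when the response was served over HTTPS.
    """
    present = {name.lower() for name in headers}
    expected = [h for h in EXPECTED_HEADERS if https or h != "Strict-Transport-Security"]
    return [h for h in expected if h.lower() not in present]


def audit(version, headers, https=True):
    """Combine both signals: a missing header alone does not prove this CVE.

    An application may simply never have configured the header, so the verdict
    only says 'likely exposed' when the version is in range AND headers are absent.
    """
    gaps = missing_headers(headers, https)
    affected = is_affected(version)
    if affected and gaps:
        verdict = "likely exposed"
    elif gaps:
        verdict = "headers missing but version not listed"
    else:
        verdict = "not indicated"
    return {
        "version_affected": affected,
        "missing": gaps,
        "upgrade_to": first_fixed(version),
        "verdict": verdict,
    }


# Constructed sample responses (not captured from any real system).
SAMPLE_OK = {
    "Content-Security-Policy": "default-src 'self'",
    "x-frame-options": "DENY",  # lower case on purpose: must still count as present
    "Strict-Transport-Security": "max-age=31536000",
}
SAMPLE_BAD = {"Content-Type": "text/html", "Set-Cookie": "JSESSIONID=abc; HttpOnly"}

if __name__ == "__main__":
    print(audit("6.4.14", SAMPLE_BAD))
    print(audit("6.4.15", SAMPLE_OK))
```

Feed `audit()` the version from your dependency manifest or SBOM and the headers of a response from a protected endpoint; the `upgrade_to` field gives the first fixed release on the same branch so the remediation ticket can name a concrete target.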

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# PoC to check for missing security headers in Spring Security.
# Target URL should be an endpoint protected by Spring Security.
# Note: absence of a header only shows it was not written; the application may
# never have configured it, and Strict-Transport-Security is only sent over HTTPS.
target_url = "http://vulnerable-app.example.com/login"

try:
    response = requests.get(target_url, timeout=10)
    headers = response.headers  # case-insensitive mapping, so name casing is irrelevant

    # Headers that might be missing due to CVE-2026-22732
    critical_headers = [
        "Content-Security-Policy",
        "X-Frame-Options",
        "Strict-Transport-Security",
    ]

    print(f"[+] Checking headers for {target_url}")
    vulnerability_found = False
    for header in critical_headers:
        if header not in headers:
            print(f"[!] MISSING CRITICAL HEADER: {header}")
            vulnerability_found = True

    if vulnerability_found:
        print("[+] Potential CVE-2026-22732 vulnerability detected.")
    else:
        print("[-] Critical headers present. Target may not be vulnerable.")
except requests.RequestException as e:
    print(f"Error: {e}")

References

https://spring.io/security/cve-2026-22732 (Vendor Advisory, Exploit)
Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-22732", "sourceIdentifier": "[email protected]", "published": "2026-03-19T23:16:41.253", "lastModified": "2026-04-16T04:29:24.503", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. \nThis issue affects Spring Security Servlet applications using lazy (default) writing of HTTP Headers:\n\n: from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3."}, {"lang": "es", "value": "Cuando las aplicaciones especifican encabezados de respuesta HTTP para aplicaciones servlet que utilizan Spring Security, existe la posibilidad de que los encabezados HTTP no se escriban. Este problema afecta a Spring Security: desde 5.7.0 hasta 5.7.21, desde 5.8.0 hasta 5.8.23, desde 6.3.0 hasta 6.3.14, desde 6.4.0 hasta 6.4.14, desde 6.5.0 hasta 6.5.8, desde 7.0.0 hasta 7.0.3."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "baseScore": 9.1, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 5.2}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-425"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "versionEndExcluding": "5.7.22", "matchCriteriaId": "A26C5B8B-290A-4D96-B6CB-DD80AFC1FC69"}, {"vulnerable": true, "criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.8.0", "versionEndExcluding": "5.8.24", "matchCriteriaId": "F2BEA7DD-1479-498E-8920-64CFF6470836"}, {"vulnerable": true, "criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.3.0", "versionEndExcluding": "6.3.15", "matchCriteriaId": "66AC616D-9661-4913-8278-F1E49CF4F869"}, {"vulnerable": true, "criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.4.0", "versionEndExcluding": "6.4.15", "matchCriteriaId": "979904B0-FAB8-4153-840F-BFCAAC608FA9"}, {"vulnerable": true, "criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5.0", "versionEndExcluding": "6.5.9", "matchCriteriaId": "519BA551-813A-4757-82CB-6CED8FF97801"}, {"vulnerable": true, "criteria": "cpe:2.3:a:vmware:spring_security:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0.0", "versionEndExcluding": "7.0.4", "matchCriteriaId": "B92F3249-AA17-4A34-938C-89E0E2A9A87A"}]}]}], "references": [{"url": "https://spring.io/security/cve-2026-22732", "source": "[email protected]", "tags": ["Vendor Advisory", "Exploit"]}]}}