(AGENPARL) - Rome, 20 March 2026 -
<article data-history-node-id="7422" about="/en/alerts-advisories/spring-security-advisory-av26-259" class="cccs-threats full clearfix">
<div class="content">
<div class="layout layout--onecol">
<div class="layout__region layout__region--content">
<div data-block-plugin-id="extra_field_block:node:cccs_threats:links" class="block block-layout-builder block-extra-field-blocknodecccs-threatslinks clearfix">
</div>
<div data-block-plugin-id="field_block:node:cccs_threats:body" class="block block-layout-builder block-field-blocknodecccs-threatsbody clearfix">
<div class="field field--name-body field--type-text-with-summary field--label-hidden field--item"><p><strong>Serial number: </strong>AV26-259<br /><strong>Date: </strong>March 19, 2026</p>
<p>On March 19, 2026, Spring published security advisories to address vulnerabilities in the following products. Included was a critical update for the following:</p>
<ul><li><span lang="en" xml:lang="en">Spring Boot</span> – multiple versions</li>
<li><span lang="en" xml:lang="en">Spring Security</span> – multiple versions</li>
</ul><p class="mrgn-bttm-md">The Cyber Centre encourages users and administrators to review the provided web links and apply the necessary updates.</p>
<ul class="list-unstyled"><li><a href="https://spring.io/security/cve-2026-22731">CVE-2026-22731: Authentication Bypass under Actuator Health groups paths</a></li>
<li><a href="https://spring.io/security/cve-2026-22732">CVE-2026-22718: Under Some Conditions Spring Security HTTP Headers Are not Written</a></li>
<li><a href="https://spring.io/security/cve-2026-22733">CVE-2026-22733: Authentication Bypass under Actuator CloudFoundry endpoints</a></li>
<li><a href="https://spring.io/security">Spring Security Advisories</a></li>
</ul></div>
</div>
</div>
</div>
</div>
</article>