Spring Product Security Update Advisory
Overview. Two vulnerabilities have been announced in the Spring product related to Spring Security. the vulnerability identifiers are CVE-2026-22753 and CVE-2026-22754. affected versions are Spring Security 7.0.0 and above and 7.0.4 and below. patches are available in version 7.0.5. Vulnerability details. CVE-2026-22753 is an issue with path matching in HttpSecurity#securityMatchers
