CVE

CVE-2026-22733

CVE ID	CVE-2026-22733
CVSS Score	8.1
Operating System	Spring Boot
Affected Versions
Patched Versions	2.7.23-OL
Patch Date	May 15, 2026
Last Updated Date
Vector String

Additional Information

CVE Issue Summary:

Spring Boot 2.7.23 updates request mapping and security handling to ensure Cloud Foundry actuator path processing cannot bypass intended application authorization rules.

As a defense-in-depth measure:
• Avoid exposing application endpoints under Cloud Foundry actuator namespaces
• Prefer secure-by-default authorization policies such as:.anyRequest().authenticated()
• Explicitly whitelist only intended public endpoints

< View all CVEs