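Vulnerability in Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition. This issue affects Spring Security versions 6.4.0 through 6.4.15, 6.5.0 through 6.5.9, and 7.0.0 through 7.0.4. The upper bound of each range is inclusive: the affected-field data in this record lists 6.4.15, 6.5.9 and 7.0.4 as last affected versions, even though the description-derived range labels them "fixed".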
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22751.json",
"cna_assigner": "vmware",
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "6.4.0"
},
{
"last_affected": "6.4.15"
},
{
"introduced": "6.5.0"
},
{
"last_affected": "6.5.9"
},
{
"introduced": "7.0.0"
},
{
"last_affected": "7.0.4"
}
],
"source": "AFFECTED_FIELD"
},
{
"extracted_events": [
{
"introduced": "6.4.0"
},
{
"fixed": "6.4.15"
},
{
"introduced": "6.5.0"
},
{
"fixed": "6.5.9"
},
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.4"
}
],
"source": "DESCRIPTION"
}
]
}