CVE-2026-40993— Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Spring | Spring Security | 7.0.0< 7.0.6 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-40993
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry
Source: NVD (National Vulnerability Database)
Vulnerability Description
An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials (verification_credentials and encryption_credentials, respectively). Affected versions: Spring Security 7.0.0 through 7.0.5.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
可信数据的反序列化
Source: NVD (National Vulnerability Database)
Vulnerability Title
VMware Spring Security 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
VMware Spring Security是美国威睿(VMware)公司的一套为基于Spring的应用程序提供说明性安全保护的安全框架。 VMware Spring Security 7.0.0至7.0.5版本存在代码问题漏洞,该漏洞源于对JdbcAssertingPartyMetadataRepository管理的数据库表具有写入权限的攻击者,可能在包含验证或加密凭据集合的列中存储恶意序列化有效载荷。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Spring | Spring Security | 7.0.0 ~ 7.0.6 | - |
II. Public POCs for CVE-2026-40993
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-40993
请登录查看更多情报信息。
Vendor Advisories for CVE-2026-40993 (1)
Same Patch Batch · Spring · 2026-06-09 · 51 CVEs total
| CVE-2026-41717 | 8.1 HIGH | Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding |
| CVE-2026-41732 | 8.1 HIGH | In Spring for Apache Pulsar, overly broad trusted-package matching in header mapper expose |
| CVE-2026-41855 | 8.1 HIGH | Spring Framework Unsafe Deserialization via Jackson JMS Converters |
| CVE-2026-41729 | 8.1 HIGH | Spring Data REST SpEL Injection via Map Key in JSON Patch |
| CVE-2026-41731 | 8.1 HIGH | In Spring for Apache Kafka, overly broad trusted-package matching in header mappers expose |
| CVE-2026-41003 | 7.6 HIGH | Unencoded HTML Outputs in Spring Security May Allow Cross-Site Scripting |
| CVE-2026-41728 | 7.5 HIGH | Spring Data REST JSON Patch bypasses Jackson read-only property protection on nested objec |
| CVE-2026-40988 | 7.5 HIGH | Unbounded DEFLATE Inflation in SAML 2.0 Service Provider |
| CVE-2026-40983 | 7.5 HIGH | Micrometer gRPC server instrumentation DoS vulnerability |
| CVE-2026-40984 | 7.5 HIGH | Micrometer HTTP server instrumentations DoS vulnerability |
| CVE-2026-41850 | 7.5 HIGH | Spring Framework Algorithmic Denial of Service via SpEL Expressions |
| CVE-2026-41716 | 7.5 HIGH | Spring Data web support unbounded negative-result cache keyed on attacker-supplied propert |
| CVE-2026-41695 | 7.5 HIGH | Denial of Service in Spring Data Commons Property Path Resolution |
| CVE-2026-41849 | 7.5 HIGH | Spring Framework Denial of Service via Integer Overflow in SpEL Expressions |
| CVE-2026-41006 | 7.5 HIGH | Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration |
| CVE-2026-41007 | 7.5 HIGH | Spring HATEOAS heap exhaustion through unbounded internal caching |
| CVE-2026-41842 | 7.5 HIGH | Spring Framework Denial of Service via Versioned Resources in Spring MVC and WebFlux |
| CVE-2026-41720 | 7.4 HIGH | Authentication Bypass with Empty Password in Spring LDAP |
| CVE-2026-41845 | 7.1 HIGH | Spring Framework Cross-site Scripting via JavaScriptUtils |
| CVE-2026-47838 | 6.8 MEDIUM | Unauthorized User Impersonation when Using X.509 Client Certificates |
Showing top 20 of 51 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: Spring Security
- CVE-2026-47838
Unauthorized User Impersonation when Using X.509 Client Cert - CVE-2026-41706
Open Redirect When Using CookieRequestCache - CVE-2026-41694
SAML Payloads Decrypted Without Valid Signature - CVE-2026-41008
Spring Security Authorization Server Open Redirect via reque - CVE-2026-41003
Unencoded HTML Outputs in Spring Security May Allow Cross-Si
Same vendor: Spring
- CVE-2026-47825
Spring Cloud Gateway Server Forwards Headers from Untrusted - CVE-2026-41708
Spring Cloud Sleuth instrumentation of Spring TX DoS vulnera - CVE-2026-47835
Spring AI vector store metadata filtering to handle special - CVE-2026-41856
Spring GraphQL Annotation Detection Vulnerability - CVE-2026-41700
Cross-Site WebSocket Hijacking in Spring for GraphQL
Same weakness: CWE-502
- CVE-2026-48909
Joomla Extension - joomshaper.com - PHP Object injection in - CVE-2026-49286
PhpWeasyPrint vulnerable to PHAR deserialization via output - CVE-2025-27511
GeoServer DB2 DataStore Extension has a JNDI Vulnerability v - CVE-2026-8024
Deserialization vulnerability in ibaPDA and ibaDatCoordinato - CVE-2026-53805
NVIDIA SIL GEN3C Unauthenticated RCE via Pickle Deserializat
V. Comments for CVE-2026-40993
No comments yet