CVE-2026-41694: CWE-347: Improper Verification of Cryptographic Signature in Spring Spring Security
CVE-2026-41694 is a vulnerability in Spring Security SAML where SAML Responses and certain elements of LogoutRequests and LogoutResponses are decrypted without requiring a valid cryptographic signature. This improper verification could allow attackers to craft malicious SAML payloads and use the Service Provider as a decryption oracle. The issue affects multiple versions of Spring Security from 5. 7. 0 through 7. 0. 5 in specified subranges. The CVSS score is 3. 7, indicating a low severity vulnerability.
AI Analysis
Technical Summary
Spring Security SAML does not properly verify cryptographic signatures before decrypting SAML Responses and elements of LogoutRequests and LogoutResponses. This flaw (CWE-347) allows attackers to submit crafted SAML payloads that the service provider decrypts without signature validation, potentially enabling the service provider to be used as a decryption oracle. The vulnerability affects Spring Security versions 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; and 7.0.0 through 7.0.5. No vendor advisory or patch information is provided, and no known exploits are reported in the wild.
Potential Impact
The vulnerability allows attackers to craft SAML payloads that are decrypted by the service provider without verifying the signature, potentially enabling the service provider to be used as a decryption oracle. The impact is limited to confidentiality (low impact on confidentiality), with no reported impact on integrity or availability. The CVSS base score of 3.7 reflects this low severity.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, users should monitor Spring Security advisories for updates. Until a fix is available, consider restricting or validating SAML inputs through additional controls if possible.
CVE-2026-41694: CWE-347: Improper Verification of Cryptographic Signature in Spring Spring Security
Description
CVE-2026-41694 is a vulnerability in Spring Security SAML where SAML Responses and certain elements of LogoutRequests and LogoutResponses are decrypted without requiring a valid cryptographic signature. This improper verification could allow attackers to craft malicious SAML payloads and use the Service Provider as a decryption oracle. The issue affects multiple versions of Spring Security from 5. 7. 0 through 7. 0. 5 in specified subranges. The CVSS score is 3. 7, indicating a low severity vulnerability.
CVSS v3.1
Score 3.7low
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Spring Security SAML does not properly verify cryptographic signatures before decrypting SAML Responses and elements of LogoutRequests and LogoutResponses. This flaw (CWE-347) allows attackers to submit crafted SAML payloads that the service provider decrypts without signature validation, potentially enabling the service provider to be used as a decryption oracle. The vulnerability affects Spring Security versions 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10; and 7.0.0 through 7.0.5. No vendor advisory or patch information is provided, and no known exploits are reported in the wild.
Potential Impact
The vulnerability allows attackers to craft SAML payloads that are decrypted by the service provider without verifying the signature, potentially enabling the service provider to be used as a decryption oracle. The impact is limited to confidentiality (low impact on confidentiality), with no reported impact on integrity or availability. The CVSS base score of 3.7 reflects this low severity.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official fix or remediation level is provided, users should monitor Spring Security advisories for updates. Until a fix is available, consider restricting or validating SAML inputs through additional controls if possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- vmware
- Date Reserved
- 2026-04-22T06:21:22.981Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a28a8028dd33fbd8595ef64
Added to database: 6/9/2026, 11:55:46 PM
Last enriched: 6/10/2026, 12:26:13 AM
Last updated: 6/10/2026, 7:20:15 AM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.