Vulnerability-Lookup

WID-SEC-W-2026-0799

Vulnerability from csaf_certbund - Published: 2026-03-19 23:00 - Updated: 2026-06-10 22:00

Summary

VMware Tanzu Spring Boot Actuator: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Spring Boot ist ein Framework zur Entwicklung von Java Anwendungen. Spring Boot basiert auf dem Spring Framework.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in VMware Tanzu Spring Boot Actuator ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2026-22731

Affected products

Known affected 5 products

Product	Identifier	Version
VMware Tanzu Spring Boot <4.0.4 VMware Tanzu / Spring Boot		<4.0.4
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Apache Camel for Spring Boot Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_for_spring_boot`	Apache Camel for Spring Boot
VMware Tanzu Spring Boot <3.5.12 VMware Tanzu / Spring Boot		<3.5.12
VMware Tanzu Spring Boot <3.4.15 VMware Tanzu / Spring Boot		<3.4.15

CVE-2026-22733

Affected products

Known affected 7 products

Product	Identifier	Version
VMware Tanzu Spring Boot <4.0.4 VMware Tanzu / Spring Boot		<4.0.4
Red Hat Enterprise Linux Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:-`	—
Red Hat Enterprise Linux Apache Camel for Spring Boot Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:apache_camel_for_spring_boot`	Apache Camel for Spring Boot
VMware Tanzu Spring Boot <3.3.18 VMware Tanzu / Spring Boot		<3.3.18
VMware Tanzu Spring Boot <2.7.32 VMware Tanzu / Spring Boot		<2.7.32
VMware Tanzu Spring Boot <3.5.12 VMware Tanzu / Spring Boot		<3.5.12
VMware Tanzu Spring Boot <3.4.15 VMware Tanzu / Spring Boot		<3.4.15

References

7 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://spring.io/security/cve-2026-22731	external
https://spring.io/security/cve-2026-22733	external
https://access.redhat.com/errata/RHSA-2026:10175	external
https://access.redhat.com/errata/RHSA-2026:17668	external
https://access.redhat.com/errata/RHSA-2026:25089	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Spring Boot ist ein Framework zur Entwicklung von Java Anwendungen. Spring Boot basiert auf dem Spring Framework.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in VMware Tanzu Spring Boot Actuator ausnutzen, um Sicherheitsvorkehrungen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0799 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0799.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0799 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0799"
      },
      {
        "category": "external",
        "summary": "Spring Security Advisory CVE-2026-22731 vom 2026-03-19",
        "url": "https://spring.io/security/cve-2026-22731"
      },
      {
        "category": "external",
        "summary": "Spring Security Advisory CVE-2026-22733 vom 2026-03-19",
        "url": "https://spring.io/security/cve-2026-22733"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:10175 vom 2026-04-23",
        "url": "https://access.redhat.com/errata/RHSA-2026:10175"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:17668 vom 2026-05-14",
        "url": "https://access.redhat.com/errata/RHSA-2026:17668"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:25089 vom 2026-06-10",
        "url": "https://access.redhat.com/errata/RHSA-2026:25089"
      }
    ],
    "source_lang": "en-US",
    "title": "VMware Tanzu Spring Boot Actuator: Mehrere Schwachstellen erm\u00f6glichen Umgehen von Sicherheitsvorkehrungen",
    "tracking": {
      "current_release_date": "2026-06-10T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-11T10:52:00.964+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-0799",
      "initial_release_date": "2026-03-19T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-03-19T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-04-23T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-14T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-06-10T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux",
                "product": {
                  "name": "Red Hat Enterprise Linux",
                  "product_id": "67646",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Apache Camel for Spring Boot",
                "product": {
                  "name": "Red Hat Enterprise Linux Apache Camel for Spring Boot",
                  "product_id": "T040879",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:apache_camel_for_spring_boot"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.0.4",
                "product": {
                  "name": "VMware Tanzu Spring Boot \u003c4.0.4",
                  "product_id": "T051949"
                }
              },
              {
                "category": "product_version",
                "name": "4.0.4",
                "product": {
                  "name": "VMware Tanzu Spring Boot 4.0.4",
                  "product_id": "T051949-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vmware_tanzu:spring_boot:4.0.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.5.12",
                "product": {
                  "name": "VMware Tanzu Spring Boot \u003c3.5.12",
                  "product_id": "T051950"
                }
              },
              {
                "category": "product_version",
                "name": "3.5.12",
                "product": {
                  "name": "VMware Tanzu Spring Boot 3.5.12",
                  "product_id": "T051950-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vmware_tanzu:spring_boot:3.5.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.4.15",
                "product": {
                  "name": "VMware Tanzu Spring Boot \u003c3.4.15",
                  "product_id": "T051951"
                }
              },
              {
                "category": "product_version",
                "name": "3.4.15",
                "product": {
                  "name": "VMware Tanzu Spring Boot 3.4.15",
                  "product_id": "T051951-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vmware_tanzu:spring_boot:3.4.15"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c3.3.18",
                "product": {
                  "name": "VMware Tanzu Spring Boot \u003c3.3.18",
                  "product_id": "T051952"
                }
              },
              {
                "category": "product_version",
                "name": "3.3.18",
                "product": {
                  "name": "VMware Tanzu Spring Boot 3.3.18",
                  "product_id": "T051952-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vmware_tanzu:spring_boot:3.3.18"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c2.7.32",
                "product": {
                  "name": "VMware Tanzu Spring Boot \u003c2.7.32",
                  "product_id": "T051953"
                }
              },
              {
                "category": "product_version",
                "name": "2.7.32",
                "product": {
                  "name": "VMware Tanzu Spring Boot 2.7.32",
                  "product_id": "T051953-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:vmware_tanzu:spring_boot:2.7.32"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Spring Boot"
          }
        ],
        "category": "vendor",
        "name": "VMware Tanzu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-22731",
      "product_status": {
        "known_affected": [
          "T051949",
          "67646",
          "T040879",
          "T051950",
          "T051951"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-22731"
    },
    {
      "cve": "CVE-2026-22733",
      "product_status": {
        "known_affected": [
          "T051949",
          "67646",
          "T040879",
          "T051952",
          "T051953",
          "T051950",
          "T051951"
        ]
      },
      "release_date": "2026-03-19T23:00:00.000+00:00",
      "title": "CVE-2026-22733"
    }
  ]
}

CVE-2026-22731 (GCVE-0-2026-22731)

Vulnerability from cvelistv5 – Published: 2026-03-19 22:36 – Updated: 2026-03-20 15:33

Title

Authentication Bypass under Actuator Health groups paths

Summary

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before 4.0.3, from 3.5 before 3.5.11, from 3.4 before 3.4.15. This CVE is similar but not equivalent to CVE-2026-22733, as the conditions for exploit and vulnerable versions are different.

Severity

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-288 - Authentication bypass using an alternate path or channel

Assigner

vmware

References

1 reference

URL	Tags
https://spring.io/security/cve-2026-22731

Impacted products

1 product

Vendor	Product	Version
Spring	Spring Boot	Affected: 4.0 , < 4.0.3 (custom) Affected: 3.5 , < 3.5.11 (custom) Affected: 3.4 , < 3.4.15 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22731",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-20T15:33:35.462671Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-20T15:33:43.191Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Spring Boot",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "4.0.3",
              "status": "affected",
              "version": "4.0",
              "versionType": "custom"
            },
            {
              "lessThan": "3.5.11",
              "status": "affected",
              "version": "3.5",
              "versionType": "custom"
            },
            {
              "lessThan": "3.4.15",
              "status": "affected",
              "version": "3.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Spring Boot applications with Actuator can be vulnerable to an \"Authentication Bypass\" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path.\u003cbr\u003e\u003cp\u003eThis issue affects Spring Boot: from 4.0 before 4.0.3, from 3.5 before 3.5.11, from 3.4 before 3.4.15.\u003cbr\u003eThis CVE is similar but not equivalent to CVE-2026-22733, as the conditions for exploit and vulnerable versions are different.\u003c/p\u003e"
            }
          ],
          "value": "Spring Boot applications with Actuator can be vulnerable to an \"Authentication Bypass\" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path.\nThis issue affects Spring Boot: from 4.0 before 4.0.3, from 3.5 before 3.5.11, from 3.4 before 3.4.15.\nThis CVE is similar but not equivalent to CVE-2026-22733, as the conditions for exploit and vulnerable versions are different."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication bypass using an alternate path or channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-19T22:36:15.112Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2026-22731"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authentication Bypass under Actuator Health groups paths",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-22731",
    "datePublished": "2026-03-19T22:36:15.112Z",
    "dateReserved": "2026-01-09T06:54:41.498Z",
    "dateUpdated": "2026-03-20T15:33:43.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-22733 (GCVE-0-2026-22733)

Vulnerability from cvelistv5 – Published: 2026-03-19 23:29 – Updated: 2026-03-20 14:45

Title

Authentication Bypass under Actuator CloudFoundry endpoints

Summary

Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from 3.5.0 through 3.5.11, from 3.4.0 through 3.4.14, from 3.3.0 through 3.3.17, from 2.7.0 through 2.7.31.

Severity

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-288 - Authentication bypass using an alternate path or channel

Assigner

vmware

References

1 reference

URL	Tags
https://spring.io/security/cve-2026-22733

Impacted products

1 product

Vendor	Product	Version
Spring	Spring Security	Affected: 4.0.0 , ≤ 4.0.3 (custom) Affected: 3.5.0 , ≤ 3.5.11 (custom) Affected: 3.4.0 , ≤ 3.4.14 (custom) Affected: 3.3.0 , ≤ 3.3.17 (custom) Affected: 2.7.0 , ≤ 2.7.31 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-22733",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-20T14:45:09.953150Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-20T14:45:18.731Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Spring Security",
          "vendor": "Spring",
          "versions": [
            {
              "lessThanOrEqual": "4.0.3",
              "status": "affected",
              "version": "4.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.5.11",
              "status": "affected",
              "version": "3.5.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.4.14",
              "status": "affected",
              "version": "3.4.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "3.3.17",
              "status": "affected",
              "version": "3.3.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "2.7.31",
              "status": "affected",
              "version": "2.7.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Spring Boot applications with Actuator can be vulnerable to an \"Authentication Bypass\" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints.\u0026nbsp;\u003cspan\u003eThis issue affects Spring Security: from 4.0.0 through 4.0.3, from 3.5.0 through 3.5.11, from 3.4.0 through 3.4.14, from 3.3.0 through 3.3.17, from 2.7.0 through 2.7.31.\u003c/span\u003e"
            }
          ],
          "value": "Spring Boot applications with Actuator can be vulnerable to an \"Authentication Bypass\" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints.\u00a0This issue affects Spring Security: from 4.0.0 through 4.0.3, from 3.5.0 through 3.5.11, from 3.4.0 through 3.4.14, from 3.3.0 through 3.3.17, from 2.7.0 through 2.7.31."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication bypass using an alternate path or channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-19T23:29:10.098Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://spring.io/security/cve-2026-22733"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Authentication Bypass under Actuator CloudFoundry endpoints",
      "x_generator": {
        "engine": "Vulnogram 1.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2026-22733",
    "datePublished": "2026-03-19T23:29:10.098Z",
    "dateReserved": "2026-01-09T06:54:41.498Z",
    "dateUpdated": "2026-03-20T14:45:18.731Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0799

CVE-2026-22731 (GCVE-0-2026-22731)

CVE-2026-22733 (GCVE-0-2026-22733)

Tags

Sightings

Nomenclature