CVE-2026-40996

Vulnerability

The Wss4jSecurityInterceptor in Spring Web Services defaults the allowRSA15KeyTransportAlgorithm flag to true, overriding Apache WSS4J's safer default for validation RequestData. This causes inbound WS-Security decryption to accept RSA PKCS#1 v1.5 (rsa-1_5) encrypted key material unless operators explicitly reconfigure the flag. The affected versions are Spring Web Services 5.0.0 through 5.0.1, 4.1.0 through 4.1.3, 4.0.0 through 4.0.18, and 3.1.0 through 3.1.8 [1].

Exploitation

An attacker with a network position capable of man-in-the-middle or oracle-based attacks can exploit this weakness. No authentication or user interaction is required (CVSS: PR:N, UI:N). The attacker can force the use of RSA PKCS#1 v1.5 key transport during WS-Security message exchange, then leverage known cryptographic attacks against that legacy construction to compromise the confidentiality or integrity of the encrypted content [1].

Impact

Successful exploitation allows an attacker to achieve low confidentiality and low integrity impact (CVSS: C:L, I:L, A:N). Specifically, the attacker may decrypt or tamper with WS-Security encrypted messages, potentially exposing sensitive data or altering message content within the scope of the affected service [1].

Mitigation

Users should upgrade to the fixed versions: 5.0.2 (OSS), 4.1.4 (OSS), 4.0.19 (Enterprise Support Only), or 3.1.9 (Enterprise Support Only). If upgrading is not immediately possible, operators can explicitly disable RSA PKCS#1 v1.5 by calling setAllowRSA15KeyTransportAlgorithm(false) on the Wss4jSecurityInterceptor instance [1].