Maven package
org.springframework.boot/spring-boot-starter-actuator
pkg:maven/org.springframework.boot/spring-boot-starter-actuator
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-22733 | Hig | 8.2 | >= 4.0.0-M1, < 4.0.4 | 4.0.4 | Mar 20, 2026 | Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 th | |
| CVE-2026-22731 | Hig | 8.2 | >= 3.4.0, <= 3.4.13 | — | Mar 19, 2026 | Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: |
- affected >= 4.0.0-M1, < 4.0.4fixed 4.0.4
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 th
- affected >= 3.4.0, <= 3.4.13
Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: