VYPR

Maven package

org.springframework.boot/spring-boot-starter-actuator

pkg:maven/org.springframework.boot/spring-boot-starter-actuator

Vulnerabilities (2)

  • CVE-2026-22733HigMar 20, 2026
    affected >= 4.0.0-M1, < 4.0.4fixed 4.0.4

    Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 th

  • CVE-2026-22731HigMar 19, 2026
    affected >= 3.4.0, <= 3.4.13

    Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: