Spring Security: 5.8.16 → 5.8.26
VMware · upgrade impact · Official site ↗
Fixed by upgrading to 5.8.26 iVulnerabilities that affect 5.8.16 but no longer affect 5.8.26 — the security gain from this upgrade, by exploited status then exploitation probability.
Exploited first, then by exploitation probability (EPSS).
CVE-2026-22732 CRITICAL EPSS 0% ✓ cleared in 5.8.26 CVE-2026-40988 HIGH EPSS 0% ✓ cleared in 5.8.26 CVE-2026-22746 LOW EPSS 0% ✓ cleared in 5.8.26 CVE-2026-41003 HIGH EPSS 0% ✓ cleared in 5.8.26 CVE-2026-41694 LOW EPSS 0% ✓ cleared in 5.8.26Still open in 5.8.26 iKnown vulnerabilities that affect 5.8.26 too — upgrading to it does not clear these.
These affect 5.8.26 as well — a later release may be needed.
CVE-2026-22748 MEDIUM EPSS 0% → fixed in 7.0.5