Synced 16 Jun 2026 15:24 UTC Account

Is Spring Security 6.4.13 patched?

VMware · cycle 6.4 · end of life · Official site ↗
6.4.1340/100End of life

Current stable (7.1.0): 100/100

Minimum safe version6.4.17

6.4.13 has 3 open critical-or-high vulnerabilities. Run 6.4.17 or later to clear them. See what 6.4.17 fixes →

Health score40/100
Open issues7
Exploited now0
Cycle 6.4 EOL2025-12-31
Latest release7.1.0

Summary iPlain-English security status for Spring Security 6.4.13, built from its CVEs, active-exploitation data, end-of-life date and latest release.

Spring Security 6.4.13 is part of the 6.4 release line. 7 known vulnerabilities affect it. The minimum safe version is 6.4.17 — upgrade to it or later to clear the open critical/high issues. The 6.4 line reached end-of-life on 2025-12-31, so it no longer receives security patches. The latest supported Spring Security release is 7.1.0.

Known issues affecting 6.4.13

Exploited first, then by exploitation probability.

CVE-2026-22732 CRITICAL EPSS 0% → fixed in 7.0.4 CVE-2026-40988 HIGH EPSS 0% → fixed in 7.0.6 CVE-2026-22746 LOW EPSS 0% → fixed in 7.0.5 CVE-2026-22748 MEDIUM EPSS 0% → fixed in 7.0.5 CVE-2026-41003 HIGH EPSS 0% → fixed in 7.0.6 CVE-2026-41694 LOW EPSS 0% → fixed in 7.0.6 CVE-2026-22751 MEDIUM EPSS 0% → fixed in 7.0.5

Other Spring Security versions

Check another release line of Spring Security.

Spring Security 7.1.0Spring Security 7.0.6Spring Security 6.5.11Spring Security 6.3.10Spring Security 6.2.8Spring Security 6.1.9Spring Security 6.0.8Spring Security 5.8.16Spring Security 5.7.14Spring Security 5.6.12Spring Security 5.5.8Spring Security 5.4.10Spring Security 5.3.13Spring Security 5.2.15Spring Security 5.1.13Spring Security 5.0.19Spring Security 4.2.20

Frequently asked

Is Spring Security 6.4.13 patched?

Spring Security 6.4.13 is end-of-life and no longer receives security patches. Move to 7.1.0.

What version should I upgrade Spring Security 6.4.13 to?

Upgrade Spring Security 6.4.13 to at least 6.4.17 to clear its 3 open critical-or-high vulnerabilities.

When does Spring Security 6.4 reach end-of-life?

Spring Security 6.4 reached end-of-life on 2025-12-31 and no longer receives security patches.

What is the latest version of Spring Security?

The latest supported Spring Security release is 7.1.0.

Is Spring Security 6.4.13 still receiving security updates?

No — Spring Security 6.4.13 is on the 6.4 line, which reached end-of-life on 2025-12-31 and no longer receives security updates. Upgrade to 7.1.0 or later to stay supported.

Informational only, from public data (NVD · CISA KEV · EPSS · endoflife.date), and can lag or miss vendor-specific fixes. Always confirm against VMware's official advisory before you patch or upgrade — Spring Security official site ↗