Spring WS ReplayCache Wiring Flaw (5.0.x,4.1.x,4.0.x,3.1.x)
CVE-2026-41000 Published on June 11, 2026
WSS4J validation does not use configured replay cache
Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be ineffective even when operators configured a replay cache on the interceptor.
Affected versions:
Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.
Vulnerability Analysis
CVE-2026-41000 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, with no impact on integrity, and no impact on availability.
Weakness Type
Authentication Bypass by Capture-replay
A capture-replay flaw exists when the design of the software makes it possible for a malicious user to sniff network traffic and bypass authentication by replaying it to the server in question to the same effect as the original message (or with minor changes). Capture-replay attacks are common and can be difficult to defeat without cryptography. They are a subset of network injection attacks that rely on observing previously-sent valid commands, then changing them slightly if necessary and resending the same commands to the server.
Products Associated with CVE-2026-41000
Want to know whenever a new CVE is published for VMware Spring Framework? stack.watch will email you.
Affected Versions
Spring Web Services:- Version 5.0.0 and below 5.0.2 is affected.
- Version 4.1.0 and below 4.1.4 is affected.
- Version 4.0.0 and below 4.0.19 is affected.
- Version 3.1.0 and below 3.1.9 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.