Description
Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS#1 v1.5 (rsa-1_5) encrypted key material unless operators explicitly reconfigured the flag.

Affected versions:
Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.
Published: 2026-06-11
Score: 4.8 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Inbound WS‑Security processing in Spring Web Services exposes a cryptographic weakness: the interceptor defaults to allow the RSA PKCS#1 v1.5 key transport algorithm. This weaker algorithm is vulnerable to padding oracle and other attacks, and the default reverts to the unsafe option instead of the safer default used by Apache WSS4J. An attacker could craft a message that uses the insecure algorithm to manipulate the encrypted key material or potentially gain unauthorized access to the protected payload.

Affected Systems

The vulnerability affects Spring Web Services versions 5.0.0 through 5.0.1, 4.1.0 through 4.1.3, 4.0.0 through 4.0.18, and 3.1.0 through 3.1.8.

Risk and Exploitability

The CVSS score is 4.8, indicating low overall severity. No EPSS score is available, and the vulnerability is not listed in CISA’s KEV catalog, suggesting low exploitation probability. The attack vector is network via inbound WS‑Security messages; it requires an attacker to send a crafted message that uses the RSA PKCS#1 v1.5 encrypted key. The default configuration makes exploitation easier, but the weakness is limited to systems directly accepting inbound WS‑Security traffic.

Generated by OpenCVE AI on June 11, 2026 at 07:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Spring Web Services release that no longer defaults to the insecure algorithm.
  • If upgrading is not possible, configure the Wss4jSecurityInterceptor component to set allowRSA15KeyTransportAlgorithm to false.
  • Verify that inbound messages use a stronger key transport algorithm such as RSA‑OAEP or equivalent.

Generated by OpenCVE AI on June 11, 2026 at 07:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://spring.io/security/cve-2026-40996 cve-icon cve-icon
History

Thu, 11 Jun 2026 06:45:00 +0000

Type Values Removed Values Added
Description Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS#1 v1.5 (rsa-1_5) encrypted key material unless operators explicitly reconfigured the flag. Affected versions: Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.
Title Inbound WS-Security allows RSA PKCS#1 v1.5 key transport by default
Weaknesses CWE-327
References
Metrics cvssV3_1

{'score': 4.8, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2026-06-11T05:04:05.227Z

Reserved: 2026-04-16T02:19:12.969Z

Link: CVE-2026-40996

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-11T07:16:27.550

Modified: 2026-06-11T07:16:27.550

Link: CVE-2026-40996

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T07:30:08Z

Weaknesses