CVE-2026-41706: Spring OAuth2 Weak URI Validation
Provally Curated | Public repository | High | Medium confidence | Verified | Apache-2.0 | Java | β

greprules fetch cve-2026-41706-spring-oauth2-weak-uri-validation --engine opengrep

Description
Validation of URIs that only checks for the absence of a fragment is insufficient. This allows dangerous schemes (e.g., `javascript:`) and exposes the application to SSRF, Open Redirect, or XSS vulnerabilities. Validate the scheme, host, and port to ensure the URI meets strict security boundaries.
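
The fragment-only check described above, next to a validator that pins scheme, host and port. This is an added example, not Spring's code and not the rule's own pattern; the class name, method names, allowlist entry and sample URIs are all constructed for illustration.

```java
import java.net.URI;
import java.util.Locale;
import java.util.Set;

// Added illustration; every name and value here is hypothetical.
public class UriValidationExample {

    // Weak pattern: the only property checked is the absence of a fragment.
    static boolean weakIsValid(String value) {
        try {
            return URI.create(value).getFragment() == null;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    // Constructed allowlist of exact host:port pairs (assumption).
    static final Set<String> ALLOWED = Set.of("client.example.com:443");

    // Hardened form: scheme, host and port must all match expectations.
    static boolean strictIsValid(String value) {
        final URI uri;
        try {
            uri = URI.create(value);
        } catch (IllegalArgumentException e) {
            return false;
        }
        // Opaque URIs (javascript:, data:, mailto:) have no host at all.
        if (uri.isOpaque() || uri.getFragment() != null || uri.getRawUserInfo() != null) {
            return false;
        }
        if (!"https".equalsIgnoreCase(uri.getScheme()) || uri.getHost() == null) {
            return false;
        }
        int port = uri.getPort() == -1 ? 443 : uri.getPort();
        return ALLOWED.contains(uri.getHost().toLowerCase(Locale.ROOT) + ":" + port);
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "https://client.example.com/callback",        // accepted by both
            "javascript:alert(1)",                        // weak accepts, strict rejects
            "http://internal.example:8080/admin",         // weak accepts, strict rejects
            "https://client.example.com@other.example/cb", // userinfo trick, strict rejects
            "https://client.example.com/cb#frag"          // rejected by both
        };
        for (String s : samples) {
            System.out.printf("%-46s weak=%-5b strict=%b%n", s, weakIsValid(s), strictIsValid(s));
        }
    }
}
```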