Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for the validation RequestData (WSS4J itself rejects RSA v1.5 key transport unless it is explicitly allowed). Inbound WS-Security decryption could therefore accept RSA PKCS#1 v1.5 (http://www.w3.org/2001/04/xmlenc#rsa-1_5) encrypted key material unless operators explicitly reconfigured the flag, increasing exposure to Bleichenbacher-style padding-oracle attacks on that legacy key-transport construction by an attacker in a man-in-the-middle or oracle-capable position.
Preconditions include inbound XML Encryption or key transport handled by WSS4J through Spring WS (a Wss4jSecurityInterceptor configured for decryption), peers that negotiate or emit RSA v1.5 key transport, and an attacker positioned to exploit the weaker algorithm in practice (network interposition or access to a decryption oracle).
Spring Web Services:
Versions that are no longer supported are also affected.
Users of affected versions should upgrade to the corresponding fixed version.
| Affected version(s) | Fix version | Availability |
|---|---|---|
| 5.0.x | 5.0.2 | OSS |
| 5.0.x | 5.0.1.1 | Enterprise Support Only |
| 4.1.x | 4.1.4 | OSS |
| 4.1.x | 4.1.3.1 | Enterprise Support Only |
| 4.0.x | 4.0.19 | Enterprise Support Only |
| 3.1.x | 3.1.9 | Enterprise Support Only |
If you are not able to upgrade, disable RSA PKCS#1 v1.5 key transport explicitly by calling setAllowRSA15KeyTransportAlgorithm(false) on the Wss4jSecurityInterceptor (the allowRSA15KeyTransportAlgorithm bean property in XML configuration). Peers that still send EncryptedKey elements with the rsa-1_5 algorithm will then fail validation and must switch to RSA-OAEP key transport.
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy