CVE-2026-22751 - Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions

CVE ID :CVE-2026-22751 Published : April 21, 2026, 6:30 p.m. | 29 minutes ago Description :Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition. Th