Vulnerability
Bleeping Computer
9.1 — CRITICAL
The EOL Blind Spot in Your CVE Feed: What SCA Tools Don't Check.
Critical vulnerabilities can exist in open source software your scanners don't check. HeroDevs reveals how EOL software creates blind spots in CVE feeds and SCA tools, and how you can receive a free end-of-life scan for your projects. [...]
🤖 AI Briefing
Auto-generated threat analysis
🔍Threat Overview
The cybersecurity industry is underreporting EOL (End-of-Life) software exposure, with a significant gap in CVE investigation coverage for older versions, putting organizations at risk of undetected vulnerabilities.
⚙️Technical Details
CVEs
CVE-2026-22732
Affected Systems
Spring Security Servlet applications
Attack Vectors
NETWORK
💥Impact Assessment
Severity: Critical
Who Is at Risk
Organizations using unsupported versions of Spring Security and other EOL software
🛡️Recommended Actions
1. Regularly review SBOMs for EOL dependencies
2. Run EOL DS to identify vulnerable package versions
3. Upload EOL Risk Report to track exposure
📦Affected Products
VMware Spring Security
🔐NVD Verified Data
VERIFIED
CVE-2026-22732
CVSS 9.1 — CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Weaknesses
CWE-425
Affected Products (CPE)
VMware Spring Security
This is a curated summary. The complete article is available at Bleeping Computer.
