What is CVE-2026-41000?

CVE-2026-41000 is a low-severity vulnerability, classified under Authentication Bypass by Capture-replay. CVSS score: 3.7/10. Published 2026-06-11.

How severe is CVE-2026-41000?

Low severity. CVSS v3 base score is 3.7 out of 10.

CVE-2026-41000

CVE-2026-41000

Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements…

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N.

Weakness classification (CWE)

CWE-294 — Authentication Bypass by Capture-replay

References

security@vmware.com

Frequently asked questions

What is CVE-2026-41000?: CVE-2026-41000 is a low-severity vulnerability, classified under Authentication Bypass by Capture-replay. CVSS score: 3.7/10. Published 2026-06-11.
How severe is CVE-2026-41000?: Low severity. CVSS v3 base score is 3.7 out of 10.