CVE-2026-9370 Overview
CVE-2026-9370 affects the ulisesbocchio/jasypt-spring-boot library through version 3.0.5 and 4.0.4. The weakness resides in the getSecretKeySaltGenerator function within jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java. The Password Hash Handler component uses a one-way hash with a predictable salt [CWE-759]. An attacker can target the weakness remotely, though exploitation requires high attack complexity. A public exploit is available, and the project maintainers have not yet responded to the disclosure.
Critical Impact
Use of a predictable salt in the GCM key derivation path weakens password-based encryption guarantees and enables precomputation attacks against derived secrets.
Affected Products
- ulisesbocchio jasypt-spring-boot up to 3.0.5
- ulisesbocchio jasypt-spring-boot up to 4.0.4
- SimpleGCMConfig.java Password Hash Handler component
Discovery Timeline
- 2026-05-24 - CVE-2026-9370 published to NVD
- 2026-05-26 - Last updated in NVD database
Technical Details for CVE-2026-9370
Vulnerability Analysis
The jasypt-spring-boot library provides property encryption for Spring Boot applications. The SimpleGCMConfig class configures AES-GCM encryption with a password-derived key. The getSecretKeySaltGenerator method returns a salt generator that produces a predictable value rather than a cryptographically random salt. Salt predictability undermines the purpose of salting in password-based key derivation. An attacker who knows the salt scheme can precompute hash outputs for candidate passwords. This reduces the cost of brute-forcing the password used to derive the GCM key. The weakness maps to CWE-759: Use of a One-Way Hash with a Predictable Salt.
Root Cause
The root cause is the selection of a fixed or deterministic salt generator inside getSecretKeySaltGenerator within SimpleGCMConfig.java. Secure key derivation requires a unique, unpredictable salt per encryption operation. The configuration instead returns a generator whose output is known or guessable, eliminating per-instance entropy in the derived key material.
Attack Vector
The attack is network-reachable but requires high complexity. An attacker who obtains ciphertext encrypted by an application using SimpleGCMConfig can mount offline password-guessing attacks against the encryption password. Because the salt is predictable, rainbow tables or precomputed dictionaries become feasible against the key derivation output. Exploitation does not require authentication or user interaction. A public exploit has been published, as referenced in the GitHub CVE Issue.
No verified exploitation code is reproduced here. Technical details are available in the GitHub Issue Discussion and VulDB Vulnerability Details.
Detection Methods for CVE-2026-9370
Indicators of Compromise
- Presence of jasypt-spring-boot dependency at version 3.0.5 or earlier in the 3.x line, or 4.0.4 or earlier in the 4.x line.
- Application configuration referencing SimpleGCMConfig or SimpleGCMByteEncryptor for property encryption.
- Ciphertext blobs produced by affected versions stored in configuration repositories or property files.
Detection Strategies
- Run software composition analysis across build manifests (pom.xml, build.gradle) to flag vulnerable jasypt-spring-boot versions.
- Audit source repositories for direct imports of com.ulisesbocchio.jasyptspringboot.encryptor.SimpleGCMConfig.
- Review application logs and key management telemetry for repeated decryption attempts that suggest offline guessing follow-up.
Monitoring Recommendations
- Monitor outbound and inbound access to repositories that contain encrypted Spring Boot property files.
- Alert on configuration file exfiltration patterns and unusual reads of encrypted properties at runtime.
- Track dependency drift in CI/CD pipelines to detect introduction of vulnerable library versions.
How to Mitigate CVE-2026-9370
Immediate Actions Required
- Inventory all Spring Boot services consuming jasypt-spring-boot and identify those using SimpleGCMConfig.
- Rotate any password and re-encrypt secrets that were protected by the predictable-salt configuration.
- Replace SimpleGCMConfig with a custom encryptor configuration that supplies a cryptographically secure random salt generator such as RandomIvGenerator paired with a proper salt source.
Patch Information
The project maintainers have not responded to the disclosure tracked in the GitHub Issue Discussion at the time of publication. No official patched release is referenced in the NVD data. Monitor the GitHub Project Repository for updates and apply vendor fixes when available.
Workarounds
- Override getSecretKeySaltGenerator with a custom implementation that returns a RandomSaltGenerator using SecureRandom.
- Migrate encrypted properties to an external secrets manager such as HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault.
- Restrict access to configuration files and ciphertext to reduce the offline attack surface available to adversaries.
# Configuration example - override the default GCM config with a secure salt generator
# In your Spring @Configuration class:
#
# @Bean("encryptorBean")
# public StringEncryptor stringEncryptor() {
# SimpleStringPBEConfig config = new SimpleStringPBEConfig();
# config.setPassword(System.getenv("JASYPT_PASSWORD"));
# config.setAlgorithm("PBEWithHMACSHA512AndAES_256");
# config.setKeyObtentionIterations("100000");
# config.setSaltGenerator(new RandomSaltGenerator());
# config.setIvGenerator(new RandomIvGenerator());
# config.setStringOutputType("base64");
# PooledPBEStringEncryptor enc = new PooledPBEStringEncryptor();
# enc.setConfig(config);
# return enc;
# }
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
