CVE-2026-9370 | ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4 Password Hash SimpleGCMConfig.java getSecretKeySaltGenerator hash predictable salt (Issue 431)

A vulnerability, which was classified as problematic , was found in ulisesbocchio jasypt-spring-boot up to 3.0.5/4.0.4 . Affected by this vulnerability is the function getSecretKeySaltGenerator of the file jasypt-spring-boot/src/main/java/com/ulisesbocchio/jasyptspringboot/encryptor/SimpleGCMConfig.java of the component Password Hash Handler . Executing a manipulation can lead to use of a one-way hash with a predictable salt. This vulnerability is tracked as CVE-2026-9370 . The attack can be lau