CVE-2026-47825

🗓️ 15 Jun 2026 19:34:29Reported by vmwareType

Spring Cloud Gateway forwards X-Forwarded-For and Forwarded headers from untrusted proxies in some configurations.

Reporter	Title	Published	Views	Family All 7
Circl	CVE-2026-47825	12 Jun 202612:55	–	circl
Cvelist	CVE-2026-47825 Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations	15 Jun 202619:34	–	cvelist
EUVD	EUVD-2026-37000	15 Jun 202621:30	–	euvd
NVD	CVE-2026-47825	15 Jun 202621:17	–	nvd
Positive Technologies	PT-2026-49468	15 Jun 202600:00	–	ptsecurity
Snyk	Use of Less Trusted Source	11 Jun 202600:00	–	snyk
Snyk	Use of Less Trusted Source	11 Jun 202600:00	–	snyk

[
  {
    "vendor": "Spring",
    "product": "Spring Cloud Gateway",
    "defaultStatus": "unaffected",
    "versions": [
      {
        "status": "affected",
        "version": "3.1.0",
        "lessThan": "3.1.13",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.1.0",
        "lessThan": "4.1.13",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.2.0",
        "lessThan": "4.2.9",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "4.3.0",
        "lessThan": "4.3.5",
        "versionType": "custom"
      },
      {
        "status": "affected",
        "version": "5.0.0",
        "lessThan": "5.0.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
spring	www.spring.io/security/cve-2026-47825

15 Jun 2026 21:17Current

5.2Medium risk

Vulners AI Score5.2

CVSS 3.18.6

CWE-346