CVE-2026-40982

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...

com.alibaba.cloud:spring-cloud-starter-alibaba-nacos-config-server (=2021.0.1.0), com.bpfaas:bps-config-server-novault-spring-cloud-starter (=3.2.2) +9 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=3.1.0 <=3.1.10)

org.springframework.cloud:spring-cloud-config-server MAVEN version =3.1.0, =2.1.4, =0.1, =6.5.0, =6.5.0, =2.0.1, =3.1.0, =2.1.0, =2.1.1 Source cves: CVE-2026-40982 Source advisory: OSV:GHSA-6G23-24MC-HX6X...

io.mosip.kernel:kernel-config-server (>=1.2.1-rc1 <=1.3.0-beta.3), org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=7.0.0 <=7.1.6.2) +5 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=4.1.0 <=4.1.7)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.1.0, =1.2.1-rc1, =7.0.0, =7.0.0, =4.1.0, =3.1.0, =3.1.6 Source cves: CVE-2026-40982 Source advisory: OSV:GHSA-6G23-24MC-HX6X...

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +2 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0 <=5.0.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-40982 Source advisory: OSV:GHSA-6G23-24MC-HX6X...

io.github.ilyaslabs.foodstack:configserver (=0.0.1), io.github.ilyaslabs:spring-boot-microservice-config-server (=1.0.0) +7 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=4.3.0 <=4.3.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.3.0, =1.0.1, =7.3.0, =7.3.0, =26.01.01, =2.3.0, =4.3.0, =3.3.0, =3.3.2 Source cves: CVE-2026-40982 Source advisory: OSV:GHSA-6G23-24MC-HX6X...

CVE-2026-40982

creationtimestamp| type| source ---|---|--- 2026-05-07 04:30:27+00:00| seen| https://infosec.exchange/users/offseq/statuses/116531411462780607 2026-05-07 04:30:29+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mlaeyqh2um2y 2026-05-07 05:25:46+00:00| seen|...

CVE-2026-40982

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +3 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-40982 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-16439043...

com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +17 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=4.0.0 <=4.3.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.0.0, =0.0.1, =1.0.0, =3.0.3, =0.5, =0.0.1, =0.1.41-Beta, =1.0.1, =1.2.1-rc1, =7.0.0, =7.0.0, =26.01.01, =26.05.02 - org.octopusden.cloud.config-server:config-server =2.0.4 and more Source cves: CVE-2026-40982 Source advisory:...

EUVD-2023-40982

Malicious code in bioql PyPI...

MAL-2025-40982 Malicious code in ziggurat-car-sgp9 (npm)

The package ziggurat-car-sgp9 was found to contain malicious code...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-40982)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-40982 advisory. - In the Linux kernel, the following vulnerability has been resolved: ssb: Fix potential NULL pointer...

CVE-2024-40982

...

CVE-2024-40982 affecting package kernel for versions less than 5.15.176.3-2

CVE-2024-40982 affecting package kernel for versions less than 5.15.176.3-2. An upgraded version of the package is available that resolves this issue...

Linux Distros Unpatched Vulnerability : CVE-2022-40982

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Information exposure through microarchitectural state after transient execution in certain vector execution units for some IntelR Processors may allow an...

Linux Distros Unpatched Vulnerability : CVE-2024-40982

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ssb: Fix potential NULL pointer dereference in ssbdeviceuevent The ssbdeviceuevent function...

SUSE: Security Advisory (SUSE-SU-2023:3391-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-40982

A flaw was found in the ssb module in the Linux kernel. A NULL pointer dereference can be triggered due to a missing input validation when converting a device to a SSB device, resulting in a denial of service...

CVE-2024-40982

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2024-40982

Removed by vendor...