146 matches found
Spring Cloud Config Server - Local File Inclusion
Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially...
Linux Distros Unpatched Vulnerability : CVE-2026-40981
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secret...
Linux Distros Unpatched Vulnerability : CVE-2026-41004
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from...
Linux Distros Unpatched Vulnerability : CVE-2026-40982
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud- config-server module. A malicious user, or attacker,...
CVE-2026-40982
A flaw was found in Spring Cloud Config. A remote attacker can exploit a directory traversal vulnerability by sending a specially crafted URL to the spring-cloud-config-server module. This allows the attacker to access arbitrary text and binary files on the system. Mitigation Mitigation for this...
CVE-2026-40981
A flaw was found in Spring Cloud Config. When utilizing Google Secrets Manager as a backend, a remote client can craft a specific request to the config server. This action may lead to the unintended exposure of secrets from other Google Cloud Platform GCP projects, resulting in sensitive...
Information Exposure
Spring Cloud Config is vulnerable to Information Exposure. The vulnerability is due to improper validation of requests when using Google Secrets Manager as a backend, which allows an attacker to craft requests that expose secrets from unintended GCP projects...
Race Condition
Spring Cloud Config Server is vulnerable to Race Condition. The vulnerability is due to a Time-of-Check Time-of-Use TOCTOU issue in handling the Git repository base directory spring.cloud.config.server.git.basedir, where attackers may manipulate filesystem state between validation and use,...
com.alibaba.cloud:spring-cloud-starter-alibaba-nacos-config-server (=2021.0.1.0), com.bpfaas:bps-config-server-novault-spring-cloud-starter (=3.2.2) +9 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=3.1.0 <=3.1.10)
org.springframework.cloud:spring-cloud-config-server MAVEN version =3.1.0, =2.1.4, =0.1, =6.5.0, =6.5.0, =2.0.1, =3.1.0, =2.1.0, =2.1.1 Source cves: CVE-2026-40982 Source advisory: OSV:GHSA-6G23-24MC-HX6X...
com.alibaba.cloud:spring-cloud-starter-alibaba-nacos-config-server (=2021.0.1.0), com.bpfaas:bps-config-server-novault-spring-cloud-starter (=3.2.2) +9 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=3.1.0 <=3.1.10)
org.springframework.cloud:spring-cloud-config-server MAVEN version =3.1.0, =2.1.4, =0.1, =6.5.0, =6.5.0, =2.0.1, =3.1.0, =2.1.0, =2.1.1 Source cves: CVE-2026-41002 Source advisory: OSV:GHSA-86WQ-234Q-R6WG...
io.mosip.kernel:kernel-config-server (>=1.2.1-rc1 <=1.3.1-rc.1), org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=7.0.0 <=7.1.6.2) +5 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=4.1.0 <=4.1.7)
org.springframework.cloud:spring-cloud-config-server MAVEN version =4.1.0, =1.2.1-rc1, =7.0.0, =7.0.0, =4.1.0, =3.1.0, =3.1.6 Source cves: CVE-2026-40982 Source advisory: OSV:GHSA-6G23-24MC-HX6X...
io.mosip.kernel:kernel-config-server (>=1.2.1-rc1 <=1.3.1-rc.1), org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=7.0.0 <=7.1.6.2) +5 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=4.1.0 <=4.1.7)
org.springframework.cloud:spring-cloud-config-server MAVEN version =4.1.0, =1.2.1-rc1, =7.0.0, =7.0.0, =4.1.0, =3.1.0, =3.1.6 Source cves: CVE-2026-41002 Source advisory: OSV:GHSA-86WQ-234Q-R6WG...
com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +6 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=4.2.0 <=4.2.4)
org.springframework.cloud:spring-cloud-config-server MAVEN version =4.2.0, =0.0.1, =1.0.0, =3.0.9, =0.1.41-Beta, =7.2.0, =7.2.0, =4.2.0, =3.2.0, =3.2.3 Source cves: CVE-2026-40982 Source advisory: OSV:GHSA-6G23-24MC-HX6X...
io.github.ilyaslabs.foodstack:configserver (=0.0.1), io.github.ilyaslabs:spring-boot-microservice-config-server (=1.0.0) +7 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=4.3.0 <=4.3.2)
org.springframework.cloud:spring-cloud-config-server MAVEN version =4.3.0, =1.0.1, =7.3.0, =7.3.0, =26.01.01, =2.3.0, =4.3.0, =3.3.0, =3.3.2 Source cves: CVE-2026-40982 Source advisory: OSV:GHSA-6G23-24MC-HX6X...
io.github.ilyaslabs.foodstack:configserver (=0.0.1), io.github.ilyaslabs:spring-boot-microservice-config-server (=1.0.0) +7 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=4.3.0 <=4.3.2)
org.springframework.cloud:spring-cloud-config-server MAVEN version =4.3.0, =1.0.1, =7.3.0, =7.3.0, =26.01.01, =2.3.0, =4.3.0, =3.3.0, =3.3.2 Source cves: CVE-2026-41002 Source advisory: OSV:GHSA-86WQ-234Q-R6WG...
org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +2 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0 <=5.0.2)
org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-41002 Source advisory: OSV:GHSA-86WQ-234Q-R6WG...
org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +2 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0 <=5.0.2)
org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-40982 Source advisory: OSV:GHSA-6G23-24MC-HX6X...
com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +6 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=4.2.0 <=4.2.4)
org.springframework.cloud:spring-cloud-config-server MAVEN version =4.2.0, =0.0.1, =1.0.0, =3.0.9, =0.1.41-Beta, =7.2.0, =7.2.0, =4.2.0, =3.2.0, =3.2.3 Source cves: CVE-2026-41002 Source advisory: OSV:GHSA-86WQ-234Q-R6WG...
com.alibaba.cloud:spring-cloud-starter-alibaba-nacos-config-server (=2021.0.1.0), com.bpfaas:bps-config-server-novault-spring-cloud-starter (=3.2.2) +9 more potentially affected by CVE-2026-41004 via org.springframework.cloud:spring-cloud-config-server (>=3.1.0 <=3.1.10)
org.springframework.cloud:spring-cloud-config-server MAVEN version =3.1.0, =2.1.4, =0.1, =6.5.0, =6.5.0, =2.0.1, =3.1.0, =2.1.0, =2.1.1 Source cves: CVE-2026-41004 Source advisory: OSV:GHSA-J6HH-H3CF-C2HF...
org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +2 more potentially affected by CVE-2026-41004 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0 <=5.0.2)
org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-41004 Source advisory: OSV:GHSA-J6HH-H3CF-C2HF...