11800 matches found
org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +2 more potentially affected by CVE-2026-41004 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0 <=5.0.2)
org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-41004 Source advisory: OSV:GHSA-J6HH-H3CF-C2HF...
com.alibaba.cloud:spring-cloud-starter-alibaba-nacos-config-server (=2021.0.1.0), com.bpfaas:bps-config-server-novault-spring-cloud-starter (=3.2.2) +9 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=3.1.0 <=3.1.10)
org.springframework.cloud:spring-cloud-config-server MAVEN version =3.1.0, =2.1.4, =0.1, =6.5.0, =6.5.0, =2.0.1, =3.1.0, =2.1.0, =2.1.1 Source cves: CVE-2026-41002 Source advisory: OSV:GHSA-86WQ-234Q-R6WG...
org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +2 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0 <=5.0.2)
org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-40982 Source advisory: OSV:GHSA-6G23-24MC-HX6X...
io.github.ilyaslabs.foodstack:configserver (=0.0.1), io.github.ilyaslabs:spring-boot-microservice-config-server (=1.0.0) +7 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=4.3.0 <=4.3.2)
org.springframework.cloud:spring-cloud-config-server MAVEN version =4.3.0, =1.0.1, =7.3.0, =7.3.0, =26.01.01, =2.3.0, =4.3.0, =3.3.0, =3.3.2 Source cves: CVE-2026-40982 Source advisory: OSV:GHSA-6G23-24MC-HX6X...
GHSA-86WQ-234Q-R6WG Spring Cloud Config Server Susceptible To TOCTOU Attack
The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...
CVE-2026-41002
The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...
CVE-2026-41004
When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterprise Support Only. Spring Cloud Config 4.1.x: affected from 4.1.0 throu...
CVE-2026-40981
When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...
CVE-2026-40982
Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from...
CVE-2026-40981
When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...
EUVD-2026-28245
When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...
CVE-2026-40981
CVE-2026-40981 : In Spring Cloud Config Server using Google Secrets Manager as a backend, a crafted request can expose secrets from unintended GCP projects. Affected versions and upgrades: 3.1.x: 3.1.0–3.1.13 → upgrade to 3.1.14+ 4.1.x: 4.1.0–4.1.9 → upgrade to 4.1.10+ 4.2.x: 4.2.0–4.2.6 → upgrad...
CVE-2026-40981
When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...
CVE-2026-40981
When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...
CVE-2026-41002
The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...
CVE-2026-41002
CVE-2026-41002 affects Spring Cloud Config Server where the base directory used to clone Git repositories (spring.cloud.config.server.git.basedir) is vulnerable to time-of-check-time-of-use (TOCTOU) issues. Affected ranges and upgrades: Spring Cloud Config 3.1.x: 3.1.0–3.1.13 → upgrade to 3.1.14+...
EUVD-2026-28248
The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...
CVE-2026-41002
The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...
CVE-2026-41002
The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...
EUVD-2026-28250
When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterprise Support Only. Spring Cloud Config 4.1.x: affected from 4.1.0 throu...