Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Nuclei
Nucleiadded yesterday9 views

Spring Cloud Config Server - Path Traversal

Spring Cloud 3.1.x 3.1.13, 4.1.x 4.1.9, 4.2.x 4.2.3, 4.3.x 4.3.2, and 5.0.x 5.0.2 contain a path traversal caused by profile parameter substitution in Config Server using native file system backend, letting attackers access files outside configured directories, exploit requires crafted request. i...

8.6CVSS5.8AI score0.0122EPSS
Exploits0References4
EUVD
EUVDadded 2026/03/24 3:31 a.m.3 views

EUVD-2026-14664

Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories.This issue affects Spring Cloud: from...

8.6CVSS5.8AI score0.0122EPSS
Exploits0References2
NVD
NVDadded 2026/03/24 1:17 a.m.1 views

CVE-2026-22739

Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories.This issue affects Spring Cloud: from...

8.6CVSS0.0122EPSS
Exploits0References1
CVE
CVEadded 2026/03/24 12:16 a.m.13 views

CVE-2026-22739

Spring Cloud Config Server with native-file-system backend is vulnerable to an issue in profile substitution that can cause access to files outside configured search directories, leading to potential SSRF/unauthorized file reads. Affected lines: Spring Cloud 3.1.x before 3.1.13; 4.1.x before 4.1....

8.6CVSS5.8AI score0.0122EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/03/24 12:16 a.m.213 views

CVE-2026-22739 Spring Cloud Config Profile Substitution Can Allow Unintended Access To Files And Enable SSRF Attacks

Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories.This issue affects Spring Cloud: from...

8.6CVSS0.0122EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/03/24 12:16 a.m.1 views

CVE-2026-22739 Spring Cloud Config Profile Substitution Can Allow Unintended Access To Files And Enable SSRF Attacks

Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories.This issue affects Spring Cloud: from...

8.6CVSS5.8AI score0.0122EPSS
Exploits0References1
Snyk
Snykadded 2026/03/23 12:0 a.m.3 views

Directory Traversal

Overview org.springframework.cloud:spring-cloud-config-server is a library that provides an HTTP resource-based API for external configuration. Affected versions of this package are vulnerable to Directory Traversal through the profile substitution logic in EnvironmentController,...

8.8CVSS6.5AI score0.0122EPSS
Exploits0References3
Rows per page
Query Builder