CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

110 matches found

CVE-2026-40989

Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...

5.7CVSS0.00017EPSS

Exploits0References1

NVD•added 3 days ago•6 views

CVE-2026-40990

OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6...

5.7CVSS0.00017EPSS

Exploits0References1

EUVD•added 3 days ago•8 views

EUVD-2026-33734

5.7CVSS5.8AI score0.00017EPSS

Exploits0References1

Vulnrichment•added 3 days ago•5 views

CVE-2026-40990 Unbounded cache for function definitions

5.7CVSS5.8AI score0.00017EPSS

Exploits0References1

ATTACKERKB•added 3 days ago•5 views

CVE-2026-40990

5.7CVSS5.8AI score0.00017EPSS

Exploits0References2Affected Software1

Cvelist•added 3 days ago•23 views

CVE-2026-40990 Unbounded cache for function definitions

5.7CVSS0.00017EPSS

Exploits0References1

CVE•added 3 days ago•13 views

CVE-2026-40990

CVE-2026-40990 is an OOM vulnerability in Spring Cloud Function when building an unbounded number of functions in the Function Registry. Affected are Spring Cloud Function 3.2.x (pre-3.2.16), 4.1.x (pre-4.1.10), 4.2.x (pre-4.2.6), 4.3.x (pre-4.3.3), and 5.0.x (pre-5.0.2); older unsupported versio...

5.7CVSS5.8AI score0.00017EPSS

Exploits0References1

Vulnrichment•added 3 days ago•4 views

CVE-2026-40989 Self Routing guard bypassed via function composition

5.7CVSS5.8AI score0.00017EPSS

Exploits0References1

Cvelist•added 3 days ago•21 views

CVE-2026-40989 Self Routing guard bypassed via function composition

5.7CVSS0.00017EPSS

Exploits0References1

CVE•added 3 days ago•7 views

CVE-2026-40989

CVE-2026-40989 affects Spring Cloud Function lineages (3.2.x, 4.1.x, 4.2.x, 4.3.x, 5.0.x) with older/unsupported versions also impacted. The issue is an infinite recursion in the routing layer that can cause an Out-Of-Memory (OOM) condition during request handling. The root cause is not fully dis...

5.7CVSS5.8AI score0.00017EPSS

Exploits0References1

EUVD•added 3 days ago•5 views

EUVD-2026-33733

5.7CVSS5.8AI score0.00017EPSS

Exploits0References1

ATTACKERKB•added 3 days ago•5 views

CVE-2026-40989

5.7CVSS5.8AI score0.00017EPSS

Exploits0References2Affected Software1

CNNVD•added 3 days ago•2 views

VMware Spring Cloud Function security vulnerabilities

VMware Spring Cloud Function is a Java functional application development framework provided by the American company VMware. There is a security vulnerability in VMware Spring Cloud Function, which stems from infinite recursion at the routing layer, potentially leading to a memory insufficiency...

5.7CVSS5.8AI score0.00017EPSS

Exploits0References1

Positive Technologies•added 3 days ago•7 views

PT-2026-45515

5.7CVSS5.8AI score0.00017EPSS

Exploits0References2

CNNVD•added 3 days ago•2 views

VMware Spring Cloud Function security vulnerabilities

VMware Spring Cloud Function is a Java functional application development framework provided by the American company VMware. There is a security vulnerability in VMware Spring Cloud Function, which stems from attempting to add an unlimited number of functions to the function registry, potentially...

5.7CVSS5.8AI score0.00017EPSS

Exploits0References1

Positive Technologies•added 3 days ago•4 views

PT-2026-45514

5.7CVSS5.8AI score0.00017EPSS

Exploits0References2

vulnersOsv•added 2026/05/08 12:0 a.m.•7 views

ch.admin.bit.jeap:jeap-spring-boot-config-starter (>=17.16.0 <=18.5.0), ch.sbb:spring-cloud-stream-binder-solace (>=4.0.0 <=7.4.5) +896 more potentially affected by CVE-2026-40990 via org.springframework.cloud:spring-cloud-function-context (>=4.0.0 <=4.3.2)

org.springframework.cloud:spring-cloud-function-context MAVEN version =4.0.0, =17.16.0, =4.0.0, =1.0.0, =1.0.1, =0.14.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0, =0.15.0-RC2 and more Source cves: CVE-2026-40990 Source advisory:...

5.8AI score0.00017EPSS

Exploits0

Snyk•added 2026/05/08 12:0 a.m.•5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the SimpleFunctionRegistry composition. An attacker can exhaust memory or trigger unbounded recursive function composition by supplying crafted function definitions that...

8.7CVSS5.8AI score0.00017EPSS

Exploits0References2

Snyk•added 2026/05/08 12:0 a.m.•5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the SimpleFunctionRegistry composition and function wrapper cache in SimpleFunctionRegistry.java. An attacker can exhaust memory by supplying many distinct composed function...

8.7CVSS5.8AI score0.00017EPSS

Exploits0References2

vulnersOsv•added 2026/05/08 12:0 a.m.•4 views

ch.sbb:spring-cloud-stream-binder-solace (>=8.0.0 <=9.0.2), cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3) +135 more potentially affected by CVE-2026-40990 via org.springframework.cloud:spring-cloud-function-context (>=5.0.0-M1 <=5.0.1)

org.springframework.cloud:spring-cloud-function-context MAVEN version =5.0.0-M1, =8.0.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =2.0.0-RC1, =8.0.2 and more Source cves: CVE-202...

5.8AI score0.00017EPSS

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by