Spring Cloud Gateway Server Webflux - Broken Access Control

Spring Cloud Gateway Server Webflux contains a vulnerability caused by unsecured and exposed actuator endpoints allowing modification of Spring Environment properties, letting attackers modify configuration, exploit requires unsecured actuator endpoints exposure. id: CVE-2025-41243 info: name:...

IP Address Spoofing

Spring Cloud Gateway is vulnerable to IP Address Spoofing. The vulnerability is due to improper trust of X-Forwarded-For and Forwarded headers from untrusted proxies, allowing attackers to supply forged client IP information that may be used by downstream applications for security decisions,...

Spring Cloud Gateway Code Injection

Applications using Spring Cloud Gateway prior to 3.1.1+ and 3.0.7+ are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote...

CVE-2026-47825

The CVE affects Spring Cloud Gateway Server components (WebMVC and WebFlux gateways) where headers from untrusted proxies (X-Forwarded-For, Forwarded) are forwarded in certain configurations. Root cause: forwarded-header handling without a trusted-proxy basis allows forged headers to reach downst...

CVE-2026-47825: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers...

Use of Less Trusted Source

Overview Affected versions of this package are vulnerable to Use of Less Trusted Source. Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded request headers it receives from untrusted proxies to downstream services. Both the WebFlux and WebMVC Gateway Servers process these...

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.6.0) +10169 more potentially affected by CVE-2026-22741 via org.springframework:spring-webmvc (>=6.0.0 <=6.2.17)

org.springframework:spring-webmvc MAVEN version =6.0.0, =0.2.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.8.7 and more Source cves: CVE-2026-22741 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-16109603...

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +17237 more potentially affected by CVE-2026-5598 via org.bouncycastle:bcprov-jdk18on (>=1.71 <=1.83)

org.bouncycastle:bcprov-jdk18on MAVEN version =1.71, =0.2.0, =0.31.0, =0.5.0, =0.6.0, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.7 and more Source cves: CVE-2026-5598 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16074612...

EUVD-2026-21330

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...

GHSA-HWQH-2684-54FC Spring Cloud Gateway's SSL bundle configuration silently bypassed

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...

Spring Cloud Gateway's SSL bundle configuration silently bypassed

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...

CVE-2026-22750 SSL bundle configuration silently bypassed in Spring Cloud Gateway

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...

CVE-2026-22750

CVE-2026-22750 affects Spring Cloud Gateway; SSL bundle configuration via spring.ssl.bundle could be silently ignored, causing the system to fall back to the default SSL settings. Root cause: configuration bypass leads to unintended SSL behavior and potential exposure if defaults differ from inte...

CVE-2026-22750

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...

CVE-2026-22750 SSL bundle configuration silently bypassed in Spring Cloud Gateway

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...

Spring Cloud Gateway 安全漏洞

Spring Cloud Gateway is an API gateway framework developed by Spring. There is a security vulnerability in Spring Cloud Gateway, which stems from the silent ignoring of the configuration property spring.ssl.bundle. This may lead to the use of the default SSL configuration...

PT-2026-31891

Name of the Vulnerable Software and Affected Versions Spring Cloud Gateway versions prior to 4.2.1 and versions 5.0.0 and 5.1.0. Description When configuring SSL bundles in Spring Cloud Gateway using the spring.ssl.bundle configuration property, the configuration was silently ignored, and the...

ch.nexsol-tech.gateway:sample-gateway (>=0.0.1 <=1.0.0), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=0.0.1 <=1.0.0) +27 more potentially affected by CVE-2026-22750 via org.springframework.cloud:spring-cloud-gateway-server (=4.2.0)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.cloud:spring-cloud-gateway-server and may be impacted: - ch.nexsol-tech.gateway:sample-gateway =0.0.1, =0.0.1...

K000160223: Spring cloud gateway vulnerability CVE-2025-41243

Security Advisory Description Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server Webflux Spring Cloud Gateway Server...

Expression Language Injection

Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection. The vulnerability is due to unsafe SpEL evaluation in routes due to the actuator gateway endpoint being exposed and accessible to untrusted users; attackers can create routes that use SpEL to read environment...