6505 matches found
CVE-2026-22739
Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories.This issue affects Spring Cloud: from...
CVE-2026-22739 Spring Cloud Config Profile Substitution Can Allow Unintended Access To Files And Enable SSRF Attacks
Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories.This issue affects Spring Cloud: from...
CVE-2026-22739 Spring Cloud Config Profile Substitution Can Allow Unintended Access To Files And Enable SSRF Attacks
Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories.This issue affects Spring Cloud: from...
CVE-2026-22739
Spring Cloud Config Server with native-file-system backend is vulnerable to an issue in profile substitution that can cause access to files outside configured search directories, leading to potential SSRF/unauthorized file reads. Affected lines: Spring Cloud 3.1.x before 3.1.13; 4.1.x before 4.1....
CVE-2026-22739
Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories.This issue affects Spring Cloud: from...
This Week in Spring - March 24th, 2026
Hi, Spring fans! Welcome to yet another rip-roarin' installment of This Week in Spring. As usual, we've got a ton to look into, so let's dive right in! Happy 22nd birthday to Spring Framework, released this day 22 years ago! and of course, next week, 1 April 2026, marks 12 years since Spring Boot...
Spring Cloud 安全漏洞
Spring Cloud is a microservices framework implemented based on Spring Boot by the Spring team in the United States. Vulnerabilities exist in versions prior to Spring Cloud 3.1.13, 4.1.9, 4.2.3, 4.3.2, and 5.0.2. These vulnerabilities stem from improper handling of configuration file parameters,...
CVE-2026-22737
A flaw was found in Spring Framework. When Java scripting engine enabled template views such as those using JRuby or Jython are used in Spring MVC and Spring WebFlux applications, a remote attacker can exploit this to disclose sensitive content from files located outside the intended script...
PT-2026-27270
Name of the Vulnerable Software and Affected Versions Spring Cloud versions 3.1.X through 3.1.12 Spring Cloud versions 4.1.X through 4.1.8 Spring Cloud versions 4.2.X through 4.2.2 Spring Cloud versions 4.3.X through 4.3.1 Spring Cloud versions 5.0.X through 5.0.1 Description A flaw exists in...
org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC2), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC2) +3 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.1)
org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-22739 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-15762281...
Linux Distros Unpatched Vulnerability : CVE-2026-22737
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Java scripting engine enabled e.g. JRuby, Jython template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from...
Directory Traversal
Overview org.springframework.cloud:spring-cloud-config-server is a library that provides an HTTP resource-based API for external configuration. Affected versions of this package are vulnerable to Directory Traversal through the profile substitution logic in EnvironmentController,...
com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +17 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=4.0.0 <=4.3.1)
org.springframework.cloud:spring-cloud-config-server MAVEN version =4.0.0, =0.0.1, =1.0.0, =3.0.3, =0.5, =0.0.1, =0.1.41-Beta, =1.0.1, =1.2.1-rc1, =7.0.0, =7.0.0, =26.01.01, =26.05.02 - org.octopusden.cloud.config-server:config-server =2.0.4 and more Source cves: CVE-2026-22739 Source advisory:...
CVE-2026-22735
creationtimestamp| type| source ---|---|--- 2026-03-21 03:00:04+00:00| seen| https://spring.io/security/cve-2026-22737...
CVE-2026-22735
A flaw was found in Spring MVC and WebFlux. A remote attacker with low privileges could exploit this vulnerability, requiring user interaction. This could lead to stream corruption, potentially affecting the integrity of data being transmitted. Mitigation Mitigation for this issue is either not...
CVE-2026-22732
A flaw was found in Spring Security. When applications using Spring Security specify HTTP response headers for servlet applications, these headers may not be written. This can lead to a bypass of security policies or information disclosure, potentially allowing an attacker to gain unauthorized...
CVE-2026-22731
A flaw was found in Spring Boot. This vulnerability, an authentication bypass, occurs when an application endpoint requiring authentication is declared under a specific path already configured for a Health Group additional path. A remote attacker could exploit this to bypass authentication,...
Exploit for CVE-2026-22730
CVE-2026-22730 Scanner & Exploit – Spring AI MariaDB Vector Stor...
ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-operator (>=0.0.4 <=0.6.0) +9908 more potentially affected by CVE-2026-22737 via org.springframework:spring-webmvc (>=6.0.0 <=6.2.16)
org.springframework:spring-webmvc MAVEN version =6.0.0, =0.2.0, =0.0.4, =0.5.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.7.5, =0.8.3, =0.7.0, =0.5.0, =0.5.0, =0.8.7 and more Source cves: CVE-2026-22737 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORK-15701845...
Directory Traversal
Overview org.springframework:spring-webflux is a Spring Framework module that contains support for reactive HTTP and WebSocket clients as well as for reactive server web applications including REST, HTML browser, and WebSocket style interactions. Affected versions of this package are vulnerable t...