Spring Cloud Config Server - Local File Inclusion

Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially...

io.mosip.kernel:kernel-config-server (>=1.2.1-rc1 <=1.3.0-beta.3), org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=7.0.0 <=7.1.6.2) +5 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=4.1.0 <=4.1.7)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.1.0, =1.2.1-rc1, =7.0.0, =7.0.0, =4.1.0, =3.1.0, =3.1.6 Source cves: CVE-2026-40982 Source advisory: OSV:GHSA-6G23-24MC-HX6X...

com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +6 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=4.2.0 <=4.2.4)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.2.0, =0.0.1, =1.0.0, =3.0.9, =0.1.41-Beta, =7.2.0, =7.2.0, =4.2.0, =3.2.0, =3.2.3 Source cves: CVE-2026-41002 Source advisory: OSV:GHSA-86WQ-234Q-R6WG...

Spring Cloud Config has an Authorization Bypass Through User-Controlled Key

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater...

com.alibaba.cloud:spring-cloud-starter-alibaba-nacos-config-server (=2021.0.1.0), com.bpfaas:bps-config-server-novault-spring-cloud-starter (=3.2.2) +9 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=3.1.0 <=3.1.10)

org.springframework.cloud:spring-cloud-config-server MAVEN version =3.1.0, =2.1.4, =0.1, =6.5.0, =6.5.0, =2.0.1, =3.1.0, =2.1.0, =2.1.1 Source cves: CVE-2026-41002 Source advisory: OSV:GHSA-86WQ-234Q-R6WG...

com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +17 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=4.0.0 <=4.3.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.0.0, =0.0.1, =1.0.0, =3.0.3, =0.5, =0.0.1, =0.1.41-Beta, =1.0.1, =1.2.1-rc1, =7.0.0, =7.0.0, =26.01.01, =26.05.02 - org.octopusden.cloud.config-server:config-server =2.0.4 and more Source cves: CVE-2026-41002 Source advisory:...

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +3 more potentially affected by CVE-2026-40981 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-40981 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-16439020...

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +3 more potentially affected by CVE-2026-40982 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-40982 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-16439043...

io.github.ilyaslabs.foodstack:configserver (=0.0.1), io.github.ilyaslabs:spring-boot-microservice-config-server (=1.0.0) +7 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=4.3.0 <=4.3.1)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.3.0, =1.0.1, =7.3.0, =7.3.0, =26.01.01, =2.3.0, =4.3.0, =3.3.0, =3.3.1 Source cves: CVE-2026-22739 Source advisory: OSV:GHSA-3QWQ-Q9VM-5J42...

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC2), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC2) +3 more potentially affected by CVE-2026-22739 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.1)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-22739 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-15762281...

CVE-2025-22232 Spring Cloud Config Server May Not Use Vault Token Sent By Clients

Spring Cloud Config Server may not use Vault token sent by clients using a X-CONFIG-TOKEN header when making requests to Vault. Your application may be affected by this if the following are true: You have Spring Vault on the classpath of your Spring Cloud Config Server and You are using the...

com.mayhoo:config-server (=3.0.2), com.okta.spring.examples:okta-spring-boot-cloud-config-example (>=3.0.3 <=3.0.8) +8 more potentially affected by CVE-2025-22232 via org.springframework.cloud:spring-cloud-config-server (>=4.0.0 <=4.1.5)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.0.0, =3.0.3, =0.5, =0.0.1, =1.2.1-rc1, =7.0.0, =7.0.0, =4.0.0, =3.0.0, =3.1.5 Source cves: CVE-2025-22232 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-9674187...

com.brihaspathee.artemis:config-server (>=0.0.1 <=1.0.2), com.brihaspathee.sapphire:config-server (>=1.0.0 <=1.0.7) +6 more potentially affected by CVE-2025-22232 via org.springframework.cloud:spring-cloud-config-server (>=4.2.0 <=4.2.1)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.2.0, =0.0.1, =1.0.0, =3.0.9, =0.1.41-Beta, =7.2.0, =7.2.0, =4.2.0, =3.2.0, =3.2.1 Source cves: CVE-2025-22232 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-9674187...

spring-cloud-config-server: sending a request using a specially crafted URL can lead to a directory traversal attack

A flaw was found in spring-cloud-config in versions prior to 2.1.9 and 2.2.3. Applications are allowed to serve arbitrary configuration files through the spring-cloud-config-server module allowing an attacker to send a request using a specially crafted URL to create a directory traversal attack...

Moderate: Red Hat Security Advisory: Red Hat Fuse 7.9.0 release and security update

A minor version update from 7.8 to 7.9 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring...

Directory Traversal

spring-cloud-config-server is vulnerable to directory traversal. The vulnerability exists as it does not verify that the resources are served from allowed locations. An attacker is able to retrieve and read arbitrary system files using file:// or ../ characters...

cn.home1:oss-configserver (>=1.0.6.OSS <=1.0.7.OSS), cn.home1:spring-cloud-config-monitor (>=0.0.1 <=1.0.1.U1) +166 more potentially affected by CVE-2019-3799 via org.springframework.cloud:spring-cloud-config-server (>=1.1.0.RELEASE <=1.4.5.RELEASE)

org.springframework.cloud:spring-cloud-config-server MAVEN version =1.1.0.RELEASE, =1.0.6.OSS, =0.0.1, =0.0.1, =1.1.0-RELEASE, =1.0.0, =1.0.0, =1.5.0-Beta, =0.8.3, =0.8.3, =0.8.3, =0.8.3, =0.10.0 and more Source cves: CVE-2019-3799 Source advisory: OSV:GHSA-4X49-W62V-76Q7...

ai.hyacinth.framework:core-service-config-server (=0.5.0), org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=6.0.1 <=6.1.0-RC2) +12 more potentially affected by CVE-2019-3799 via org.springframework.cloud:spring-cloud-config-server (>=2.1.0.RELEASE <=2.1.1.RELEASE)

org.springframework.cloud:spring-cloud-config-server MAVEN version =2.1.0.RELEASE, =6.0.1, =6.0.1, =6.0.1, =Einstein.RELEASE, =2.1.0.RELEA...

CVE-2019-3799 Directory Traversal with spring-cloud-config-server

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...

Directory Traversal

spring-cloud-config-server is vulnerable to directory traversal. It is possible because an attacker can serve arbitrary configuration files to the sever through a malicious URL feed into spring-cloud-config-server module...