Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/05/09 8:21 a.m.11 views

CVE-2026-41002

The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...

8.1CVSS5.8AI score0.0022EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/07 6:31 a.m.7 views

io.mosip.kernel:kernel-config-server (>=1.2.1-rc1 <=1.3.1-rc.1), org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=7.0.0 <=7.1.6.2) +5 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=4.1.0 <=4.1.7)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.1.0, =1.2.1-rc1, =7.0.0, =7.0.0, =4.1.0, =3.1.0, =3.1.6 Source cves: CVE-2026-41002 Source advisory: OSV:GHSA-86WQ-234Q-R6WG...

8.1CVSS5.4AI score0.0022EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/07 6:31 a.m.7 views

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +2 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0 <=5.0.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-41002 Source advisory: OSV:GHSA-86WQ-234Q-R6WG...

8.1CVSS5.8AI score0.0022EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/07 6:31 a.m.9 views

io.github.ilyaslabs.foodstack:configserver (=0.0.1), io.github.ilyaslabs:spring-boot-microservice-config-server (=1.0.0) +7 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=4.3.0 <=4.3.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =4.3.0, =1.0.1, =7.3.0, =7.3.0, =26.01.01, =2.3.0, =4.3.0, =3.3.0, =3.3.2 Source cves: CVE-2026-41002 Source advisory: OSV:GHSA-86WQ-234Q-R6WG...

8.1CVSS5.7AI score0.0022EPSS
Exploits0
Circl
Circl
added 2026/05/07 5:35 a.m.13 views

CVE-2026-41002

creationtimestamp| type| source ---|---|--- 2026-05-07 05:35:10+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlaimg64462k 2026-05-07 06:48:23+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/spring-security-advisory-av26-431 2026-05-07 07:29:50+00:00| seen|...

8.1CVSS5.8AI score0.0022EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/07 3:53 a.m.57 views

CVE-2026-41002

The base directory spring.cloud.config.server.git.basedir used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use TOCTOU attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 inclusive; upgrade to 3.1.14 or greater Enterpris...

7.2CVSS0.0022EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/06 12:0 a.m.7 views

org.apereo.cas:cas-server-support-configuration-cloud-amqp (>=8.0.0-RC1 <=8.0.0-RC4), org.apereo.cas:cas-server-webapp-init-config-server (>=8.0.0-RC1 <=8.0.0-RC4) +3 more potentially affected by CVE-2026-41002 via org.springframework.cloud:spring-cloud-config-server (>=5.0.0-M1 <=5.0.2)

org.springframework.cloud:spring-cloud-config-server MAVEN version =5.0.0-M1, =8.0.0-RC1, =8.0.0-RC1, =5.0.0, =5.0.0, =5.0.1 Source cves: CVE-2026-41002 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-16439108...

8.1CVSS5.8AI score0.0022EPSS
Exploits0
Rows per page
Query Builder