CVE-2022-22947

CVE-2022-22947 affects Spring Cloud Gateway when the Gateway Actuator endpoint is enabled, exposed, and unsecured. A remote attacker can craft a request to the Actuator interface and cause arbitrary remote code execution on the host due to a code-injection vulnerability in the gateway routing/Act...

CVE-2022-22946

CVE-2022-22946 affects Spring Cloud Gateway versions prior to 3.1.1+. When HTTP/2 is enabled and there is no key store or trusted certificates, the gateway may be configured to use an insecure TrustManager, allowing connections to remote services with invalid or custom certificates. Affected comp...

CVE-2021-22051

Spring Cloud Gateway is affected by CVE-2021-22051, where specially crafted requests could trigger an additional downstream request. The issue affects 3.0.x and 2.2.x releases; mitigation specifies upgrading to 3.0.5+ or 2.2.10.RELEASE+ (for affected versions). Remediation guidance explicitly rec...

CVE-2026-22750

CVE-2026-22750 affects Spring Cloud Gateway; SSL bundle configuration via spring.ssl.bundle could be silently ignored, causing the system to fall back to the default SSL settings. Root cause: configuration bypass leads to unintended SSL behavior and potential exposure if defaults differ from inte...