MODERATE | MAY 08, 2026 | CVE-2026-40989
Description Infinite recursion in the routing layer can cause request handling to exhaust memory (OOM). Affected Spring Products and Versions Spring Cloud Function 3.2.x 4.2.x 4.3.x 5.0.x Older, unsupported versions are also affected Mitigation Users of affected…
MODERATE | MAY 08, 2026 | CVE-2026-40990
Description An OOM error is possible when an unbounded number of functions is added to the Function Registry. Affected Spring Products and Versions Spring Cloud Function 3.2.x 4.2.x 4.3.x 5.0.x Older, unsupported versions are also affected Mitigation Users of…
CRITICAL | MAY 06, 2026 | CVE-2026-40982
Description Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user or attacker can send a request with a specially crafted URL that leads to a directory traversal…
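The check that a traversal like the one described above calls for, as an added example (generic Java, not spring-cloud-config-server's own code): a requested file name is resolved under the configured base directory and rejected unless the normalized path, and the real path when the file exists, still lies inside that directory. The base directory and file names are constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Illustrative file resolver (assumed names; not the project's own class).
public class SafeFileResolver {

    private final Path baseDir;

    SafeFileResolver(Path baseDir) throws IOException {
        // Canonicalize the root once so later comparisons are like-for-like
        // (e.g. /tmp vs /private/tmp on macOS).
        this.baseDir = baseDir.toRealPath();
    }

    /** Returns the file to serve, or null if the request escapes baseDir. */
    Path resolve(String requested) throws IOException {
        if (requested == null || requested.isEmpty() || requested.indexOf('\0') >= 0) {
            return null;
        }
        // Resolve relative to the root and collapse "." and ".." segments.
        // An absolute request ("/etc/passwd") resolves to itself and fails the prefix check.
        Path candidate = baseDir.resolve(requested).normalize();
        if (!candidate.startsWith(baseDir)) {
            return null;   // lexical traversal such as ../../etc/passwd
        }
        if (Files.exists(candidate)) {
            // Follow symlinks: a link inside baseDir that points outside is still an escape.
            Path real = candidate.toRealPath();
            if (!real.startsWith(baseDir)) {
                return null;
            }
            return real;
        }
        return candidate;   // caller answers 404 for a missing file
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample repository tree.
        Path root = Files.createTempDirectory("config-repo");
        Files.writeString(root.resolve("application.yml"), "spring:\n  profiles: demo\n");
        Files.createDirectories(root.resolve("nested"));
        Files.writeString(root.resolve("nested/service.yml"), "port: 8080\n");

        SafeFileResolver resolver = new SafeFileResolver(root);
        String[] inputs = {
            "application.yml",
            "nested/service.yml",
            "nested/../application.yml",   // stays inside the root: allowed
            "../../../../etc/passwd",      // traversal: rejected
            "/etc/passwd",                 // absolute path: rejected
        };
        for (String in : inputs) {
            Path p = resolver.resolve(in);
            System.out.printf("%-30s -> %s%n", in, p == null ? "REJECTED" : root.relativize(p));
        }
    }
}
```

The prefix check must run on the normalized path, not the raw request string: rejecting the literal sequence ".." is not enough once URL decoding, alternate separators or symlinks are in play, which is why the real path of an existing file is compared as well.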
HIGH | MAY 06, 2026 | CVE-2026-40981
Description When Google Secrets Manager is used as a backend for the Spring Cloud Config server, a client can craft a request to the config server that potentially exposes secrets from unintended GCP projects. Affected Spring Products and Versions Spring Cloud Config…
HIGH | MAY 06, 2026 | CVE-2026-41002
Description The base directory (spring.cloud.config.server.git.basedir) into which the Spring Cloud Config Server clones Git repositories is susceptible to time-of-check-to-time-of-use (TOCTOU) attacks. Affected Spring Products and Versions Spring Cloud Config…
MEDIUM | MAY 06, 2026 | CVE-2026-41004
Description When trace logging is enabled in Spring Cloud Config Server, sensitive information is written to the logs in plain text. Affected Spring Products and Versions Spring Cloud Config: 3.1.x 4.1.x 4.2.x 4.3.x 5.0.x Older, unsupported versions are also…
MEDIUM | APRIL 28, 2026 | CVE-2026-40968
Description When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user…
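The failure mode described above, as an added example in plain Java (not Spring gRPC's own code; the context holder, request type and handler names are assumed): a per-thread security context that is set for an authenticated caller and not cleared when the call is denied is still bound to the worker thread when the next request, from an unauthenticated caller, is served on it. The hardened handler clears the context in a finally block so the identity never outlives its request.

```java
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.function.Function;

public class ThreadBoundIdentityLeak {

    // Stand-in for a thread-local security context (assumed, hypothetical).
    private static final ThreadLocal<String> CURRENT_PRINCIPAL = new ThreadLocal<>();

    // Simulated request: 'principal' is null for an unauthenticated caller.
    record Request(String principal, boolean authorized) {}

    // Vulnerable handler: binds the identity, then returns early on denial
    // without ever clearing the thread-local.
    static String handleVulnerable(Request req) {
        if (req.principal() != null) {
            CURRENT_PRINCIPAL.set(req.principal());
        }
        if (!req.authorized()) {
            return "PERMISSION_DENIED";   // context stays bound to this thread
        }
        String who = CURRENT_PRINCIPAL.get();
        return "OK as " + (who == null ? "anonymous" : who);
    }

    // Hardened handler: same logic, but the context is always cleared.
    static String handleHardened(Request req) {
        try {
            if (req.principal() != null) {
                CURRENT_PRINCIPAL.set(req.principal());
            }
            if (!req.authorized()) {
                return "PERMISSION_DENIED";
            }
            String who = CURRENT_PRINCIPAL.get();
            return "OK as " + (who == null ? "anonymous" : who);
        } finally {
            CURRENT_PRINCIPAL.remove();   // identity must not survive the request
        }
    }

    // Runs two requests on the same worker thread: an authenticated user who is
    // denied, followed by an unauthenticated caller who is allowed through.
    static String[] runOnOneThread(Function<Request, String> handler) throws Exception {
        ExecutorService oneWorker = Executors.newSingleThreadExecutor();
        try {
            Future<String> first  = oneWorker.submit(() -> handler.apply(new Request("alice", false)));
            Future<String> second = oneWorker.submit(() -> handler.apply(new Request(null, true)));
            return new String[] { first.get(), second.get() };
        } finally {
            oneWorker.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        String[] leaky = runOnOneThread(ThreadBoundIdentityLeak::handleVulnerable);
        System.out.println("vulnerable: " + leaky[0] + " / " + leaky[1]);

        String[] fixed = runOnOneThread(ThreadBoundIdentityLeak::handleHardened);
        System.out.println("hardened:   " + fixed[0] + " / " + fixed[1]);
    }
}
```

With the vulnerable handler the second, unauthenticated call is served as "alice", because the single-thread executor reuses the worker that still holds her principal; with the hardened handler it is served as anonymous. In a real server the same reuse happens non-deterministically across a pool, which is what makes this class of bug hard to catch in tests that run one request per thread.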
LOW | APRIL 28, 2026 | CVE-2026-40969
Description The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the authentication failure, which may be useful for…
MODERATE | APRIL 27, 2026 | CVE-2026-40966
Description In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use…
HIGH | APRIL 27, 2026 | CVE-2026-40967
Description In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate it to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to…