CVE-2026-22739

State: PUBLISHED · Published: 2026-03-24 · Updated: 2026-03-24 · Assigner: vmware

Description

Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories.This issue affects Spring Cloud: from 3.1.X before 3.1.13, from 4.1.X before 4.1.9, from 4.2.X before 4.2.3, from 4.3.X before 4.3.2, from 5.0.X before 5.0.2.

CWE

CWE-22 — CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected

Spring / Spring Cloud — v=3.1.x <3.1.13 [affected]; v=4.1.x <4.1.9 [affected]; v=4.2.x <4.2.3 [affected]; v=4.3.x <4.3.2 [affected]; v=5.0.x <5.0.2 [affected]

CVSS

3.1 score=8.6 severity=HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

References

https://spring.io/security/cve-2026-22739

Source

cvelistV5-main/cves/2026/22xxx/CVE-2026-22739.json