CVE-2026-22739

CVSS Score & Metrics

Base Score

8.6 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L                                    

Vulnerability Description

Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories.This issue affects Spring Cloud: from 3.1.X before 3.1.13, from 4.1.X before 4.1.9, from 4.2.X before 4.2.3, from 4.3.X before 4.3.2, from 5.0.X before 5.0.2.

Vulnerability Details

Published Date

March 24, 2026

Last Modified

March 24, 2026

CWE ID

CWE-22

Source

NVD

Vendor

Spring

Product

Spring Cloud

External References

https://spring.io/security/cve-2026-22739

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment