Skip to main content

Java CVE-2026-22750

| EUVDEUVD-2026-21330 HIGH
External Control of System or Configuration Setting (CWE-15)
2026-04-10 vmware GHSA-hwqh-2684-54fc
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch released
Apr 11, 2026 - 02:30 nvd
Patch available
EUVD ID Assigned
Apr 10, 2026 - 08:15 euvd
EUVD-2026-21330
Analysis Generated
Apr 10, 2026 - 08:15 vuln.today
CVE Published
Apr 10, 2026 - 07:32 nvd
HIGH 7.5

DescriptionCVE.org

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0  available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to 5.0.2 or 5.1.1 which are the current supported open source releases.

AnalysisAI

SSL bundle configuration bypass in VMware Spring Cloud Gateway 4.2.0 allows unaneticated remote attackers to compromise integrity through forced fallback to default SSL settings. When administrators configure custom SSL bundles via spring.ssl.bundle property, the framework silently ignores this configuration and applies insecure defaults instead, enabling man-in-the-middle attacks against intended encrypted communications. Affects Spring Cloud Gateway 4.2.0 with no public exploit identified at time of analysis.

Technical ContextAI

Configuration parsing failure in Spring Cloud Gateway's SSL bundle initialization logic causes silent fallback to default trust stores and cipher suites when spring.ssl.bundle property is set. The CPE cpe:2.3:a:vmware:spring_cloud_gateway identifies the vulnerable component. This represents a configuration validation gap rather than traditional input validation vulnerability, allowing weaker-than-intended cryptographic controls.

RemediationAI

Vendor-released patches: upgrade to Spring Cloud Gateway 5.0.2 or 5.1.1 for actively supported open source releases, or to any 4.2.x version newer than 4.2.0 available via Maven Central at https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ for non-enterprise users on legacy 4.2.x branch. Official advisory at https://spring.io/security/cve-2026-22750 provides detailed upgrade guidance. Enterprise customers on 4.2.x should consult VMware support channels for patched builds. Post-upgrade, validate SSL bundle configurations are actively applied by inspecting runtime TLS handshake parameters and certificate chains to confirm custom trust stores took effect.

More in Java

View all
CVE-2012-4681 CRITICAL POC
9.8 Aug 28

Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName m

CVE-2015-7450 CRITICAL POC
9.8 Jan 02

Remote code execution in IBM Sterling B2B Integrator, Sterling Integrator, and Tivoli Common Reporting allows unauthenti

CVE-2013-2465 CRITICAL POC
9.8 Jun 18

Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthent

CVE-2011-3544 CRITICAL POC
9.8 Oct 19

Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise throug

CVE-2010-1871 HIGH POC
8.8 Aug 05

JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to

CVE-2012-1723 CRITICAL POC
9.8 Jun 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 up

CVE-2013-0422 CRITICAL POC
9.8 Jan 10

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using

CVE-2012-0507 CRITICAL POC
9.8 Jun 07

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Up

CVE-2015-4852 CRITICAL POC
9.8 Nov 18

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers

CVE-2012-5076 CRITICAL POC
9.8 Oct 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow

CVE-2017-3066 CRITICAL POC
9.8 Apr 27

Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization fla

CVE-2012-0391 CRITICAL POC
9.8 Jan 08

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during

Share

CVE-2026-22750 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy