Spring Cloud Config Server CVE-2026-41002

EUVD-2026-28248 · HIGH
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2026-05-07 · vmware · GHSA-86wq-234q-r6wg
CVSS 3.1 base score: 7.2

CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: High
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: None

Lifecycle Timeline

  • Patch available: May 07, 2026 - 06:16 (EUVD)
  • Analysis Generated: May 07, 2026 - 04:46 (vuln.today)
  • CVSS changed: May 07, 2026 - 04:35 (NVD): 7.4 (HIGH) 7.2 (HIGH)
  • CVE Published: May 07, 2026 - 03:53 (nvd): HIGH 7.2

Blast Radius

Ecosystem impact (transitive dependency graph, resolved to 4-path depth by vuln.today):
  • 7 maven packages depend on org.springframework.cloud:spring-cloud-config-server (6 direct, 1 indirect)

Ecosystem-wide dependent count for version 3.1.0.

Description (NVD)

The base directory (spring.cloud.config.server.git.basedir) used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use (TOCTOU) attacks.

Affected versions and fixed releases:
  • Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only).
  • Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or greater (Enterprise Support Only).
  • Spring Cloud Config 4.2.x: affected from 4.2.0 through 4.2.6 (inclusive); upgrade to 4.2.7 or greater (Enterprise Support Only).
  • Spring Cloud Config 4.3.x: affected from 4.3.0 through 4.3.2 (inclusive); upgrade to 4.3.3 or greater.
  • Spring Cloud Config 5.0.x: affected from 5.0.0 through 5.0.2 (inclusive); upgrade to 5.0.3 or greater.

Analysis (AI-generated)

A time-of-check-time-of-use (TOCTOU) race condition in Spring Cloud Config Server's Git repository cloning mechanism allows a local attacker who already holds high system privileges to potentially read or modify configuration data intended for other applications. Exploitation requires manipulating the basedir filesystem path in the window between validation and use, which enables symlink attacks or directory substitution. …


Remediation (AI-generated)

  • Within 24 hours: Inventory all Spring Cloud Config Server deployments and document current versions in use; isolate instances handling sensitive configurations if running on shared infrastructure.
  • Within 7 days: Implement filesystem access controls restricting basedir directory permissions to prevent privilege escalation; review Git repository clone logs for suspicious timing patterns. …



CVE-2026-41002 vulnerability details – vuln.today
