CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
Blast Radius
Ecosystem impact: 7 Maven packages depend on org.springframework.cloud:spring-cloud-config-server (6 direct, 1 indirect).
Ecosystem-wide dependent count for version 3.1.0.
Description (NVD)
Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only).
Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or greater (Enterprise Support Only).
Spring Cloud Config 4.2.x: affected from 4.2.0 through 4.2.6 (inclusive); upgrade to 4.2.7 or greater (Enterprise Support Only).
Spring Cloud Config 4.3.x: affected from 4.3.0 through 4.3.2 (inclusive); upgrade to 4.3.3 or greater.
Spring Cloud Config 5.0.x: affected from 5.0.0 through 5.0.2 (inclusive); upgrade to 5.0.3 or greater.
Analysis (AI-generated)
Directory traversal in Spring Cloud Config server module allows remote unauthenticated attackers to read arbitrary files from the file system using specially crafted URLs. Affects Spring Cloud Config versions 3.1.0-3.1.13, 4.1.0-4.1.9, 4.2.0-4.2.6, 4.3.0-4.3.2, and 5.0.0-5.0.2, with patches available across all branches. …
Remediation (AI-generated)
Within 24 hours: Identify all Spring Cloud Config Server instances in your environment and confirm their versions against the affected ranges (3.1.0-3.1.13, 4.1.0-4.1.9, 4.2.0-4.2.6, 4.3.0-4.3.2, 5.0.0-5.0.2). Within 7 days: Apply the vendor-released patches to all affected instances: upgrade to Spring Cloud Config 3.1.14+, 4.1.10+, 4.2.7+, 4.3.3+, or 5.0.3+. …
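The version check in the first remediation step, as an added example that is not part of the vuln.today record or of Spring Cloud Config itself: a small Python helper that classifies an inventoried Spring Cloud Config Server version against the affected ranges quoted above and reports the first fixed release of that branch. The inventory list is constructed for illustration, and version strings carrying qualifiers are reduced to their numeric major.minor.patch before comparison. A version that falls outside every listed branch (for example a 4.0.x release) is reported as "not in a listed affected range", which is not the same as a statement that it is safe.

```python
"""Classify Spring Cloud Config Server versions against the advisory's affected ranges.

Added example; the inventory below is constructed, not real hosts.
"""
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# (first affected, last affected inclusive, first fixed) per branch, as quoted in the advisory.
AFFECTED_RANGES: List[Tuple[Version, Version, Version]] = [
    ((3, 1, 0), (3, 1, 13), (3, 1, 14)),
    ((4, 1, 0), (4, 1, 9), (4, 1, 10)),
    ((4, 2, 0), (4, 2, 6), (4, 2, 7)),
    ((4, 3, 0), (4, 3, 2), (4, 3, 3)),
    ((5, 0, 0), (5, 0, 2), (5, 0, 3)),
]


def parse_version(text: str) -> Version:
    """Reduce strings such as '4.1.9', '4.1.9-SNAPSHOT' or '3.1.13.RELEASE' to (major, minor, patch)."""
    core = text.strip().split("-")[0]          # drop '-SNAPSHOT' style suffixes
    parts = core.split(".")
    nums: List[int] = []
    for part in parts[:3]:                      # ignore '.RELEASE' style fourth segments
        if not part.isdigit():
            break
        nums.append(int(part))
    if len(nums) != 3:
        raise ValueError(f"unrecognised version string: {text!r}")
    return nums[0], nums[1], nums[2]


def assess(version: str) -> Tuple[bool, Optional[str]]:
    """Return (affected, first_fixed_release). first_fixed_release is None when no listed range matches."""
    v = parse_version(version)
    for low, high, fixed in AFFECTED_RANGES:    # tuple comparison is lexicographic: major, minor, patch
        if low <= v <= high:
            return True, ".".join(str(n) for n in fixed)
    return False, None


def triage(inventory: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Produce one row per inventoried host with its status and the upgrade target, if any."""
    rows: List[Dict[str, str]] = []
    for entry in inventory:
        affected, fixed = assess(entry["version"])
        rows.append({
            "host": entry["host"],
            "version": entry["version"],
            "status": "AFFECTED" if affected else "not in a listed affected range",
            "upgrade_to": fixed or "",
        })
    return rows


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are illustrative only.
    sample_inventory = [
        {"host": "config-a.internal", "version": "3.1.13"},
        {"host": "config-b.internal", "version": "4.1.9-SNAPSHOT"},
        {"host": "config-c.internal", "version": "4.2.7"},
        {"host": "config-d.internal", "version": "4.0.4"},
    ]
    for row in triage(sample_inventory):
        print(f"{row['host']:20} {row['version']:16} {row['status']:32} {row['upgrade_to']}")
```

The tuple comparison keeps the range check honest at branch boundaries: 3.1.13 is affected and 3.1.14 is not, while 4.0.x, which the advisory lists no range for, is neither flagged nor declared clean.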
Related identifiers
EUVD-2026-28246
GHSA-6g23-24mc-hx6x