Skip to main content

Micrometer

2 CVEs product

Monthly

CVE-2026-40984 HIGH PATCH This Week

Denial-of-service in Micrometer (micrometer-core, micrometer-jetty11, and micrometer-jetty12) allows remote unauthenticated attackers to exhaust resources by sending specially crafted HTTP requests against applications that expose Micrometer-instrumented endpoints. The flaw affects a wide swath of supported 1.9.x through 1.16.x release lines and carries a CVSS 7.5 (availability-only) impact. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Micrometer
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-40983 HIGH PATCH This Week

Denial-of-service in Micrometer (Spring observability library) versions 1.15.0-1.15.11 and 1.16.0-1.16.5 allows remote unauthenticated attackers to exhaust resources via specially crafted gRPC requests. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflecting availability-only impact, the issue is reachable over the network without credentials, though no public exploit identified at time of analysis. Applications embedding Micrometer's gRPC instrumentation are most exposed.

Denial Of Service Micrometer
NVD
CVSS 3.1
7.5
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial-of-service in Micrometer (micrometer-core, micrometer-jetty11, and micrometer-jetty12) allows remote unauthenticated attackers to exhaust resources by sending specially crafted HTTP requests against applications that expose Micrometer-instrumented endpoints. The flaw affects a wide swath of supported 1.9.x through 1.16.x release lines and carries a CVSS 7.5 (availability-only) impact. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Denial Of Service Micrometer
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial-of-service in Micrometer (Spring observability library) versions 1.15.0-1.15.11 and 1.16.0-1.16.5 allows remote unauthenticated attackers to exhaust resources via specially crafted gRPC requests. With CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflecting availability-only impact, the issue is reachable over the network without credentials, though no public exploit identified at time of analysis. Applications embedding Micrometer's gRPC instrumentation are most exposed.

Denial Of Service Micrometer
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy