Skip to main content

Spring Cloud Config

6 CVEs product

Monthly

CVE-2026-40981 Maven HIGH PATCH GHSA This Week

Remote unauthenticated attackers can access Google Secrets Manager credentials from unintended GCP projects via crafted requests to Spring Cloud Config servers using Google Secrets Manager as a backend. VMware confirmed this high-severity information disclosure vulnerability (CVSS 7.5) affecting all 3.1.x through 5.0.x versions. No CISA KEV listing or public exploit code identified at time of analysis, but the network-accessible attack vector with no authentication or user interaction required (AV:N/AC:L/PR:N/UI:N) indicates straightforward exploitation once attackers identify vulnerable Spring Cloud Config deployments with Google Secrets Manager integration.

Authentication Bypass Java Google Spring Cloud Config
NVD VulDB HeroDevs
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-40982 Maven CRITICAL PATCH GHSA Act Now

Directory traversal in Spring Cloud Config server module allows remote unauthenticated attackers to read arbitrary files from the file system using specially crafted URLs. Affects Spring Cloud Config versions 3.1.0-3.1.13, 4.1.0-4.1.9, 4.2.0-4.2.6, 4.3.0-4.3.2, and 5.0.0-5.0.2, with patches available across all branches. The vulnerability achieves CVSS 9.1 (Critical) due to remote exploitation without authentication (AV:N/AC:L/PR:N/UI:N) and high confidentiality/integrity impact, though EPSS and KEV data are not available to confirm active exploitation status. VMware/Spring has released fixes for all affected versions.

Java Path Traversal Spring Cloud Config
NVD HeroDevs
CVSS 3.1
9.1
EPSS
0.1%
CVE-2023-20859 Maven MEDIUM PATCH This Month

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure Hashicorp Spring Cloud Config Spring Cloud Vault +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2020-5410 Maven HIGH POC KEV PATCH THREAT This Week

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Spring Cloud Config
NVD GitHub
CVSS 3.1
7.5
EPSS
95.6%
CVE-2020-5405 Maven MEDIUM POC PATCH THREAT This Month

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Spring Cloud Config
NVD
CVSS 3.1
6.5
EPSS
68.8%
CVE-2019-3799 Maven MEDIUM POC PATCH THREAT This Month

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Spring Cloud Config Communications Cloud Native Core Policy
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
85.3%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote unauthenticated attackers can access Google Secrets Manager credentials from unintended GCP projects via crafted requests to Spring Cloud Config servers using Google Secrets Manager as a backend. VMware confirmed this high-severity information disclosure vulnerability (CVSS 7.5) affecting all 3.1.x through 5.0.x versions. No CISA KEV listing or public exploit code identified at time of analysis, but the network-accessible attack vector with no authentication or user interaction required (AV:N/AC:L/PR:N/UI:N) indicates straightforward exploitation once attackers identify vulnerable Spring Cloud Config deployments with Google Secrets Manager integration.

Authentication Bypass Java Google +1
NVD VulDB HeroDevs
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Directory traversal in Spring Cloud Config server module allows remote unauthenticated attackers to read arbitrary files from the file system using specially crafted URLs. Affects Spring Cloud Config versions 3.1.0-3.1.13, 4.1.0-4.1.9, 4.2.0-4.2.6, 4.3.0-4.3.2, and 5.0.0-5.0.2, with patches available across all branches. The vulnerability achieves CVSS 9.1 (Critical) due to remote exploitation without authentication (AV:N/AC:L/PR:N/UI:N) and high confidentiality/integrity impact, though EPSS and KEV data are not available to confirm active exploitation status. VMware/Spring has released fixes for all affected versions.

Java Path Traversal Spring Cloud Config
NVD HeroDevs
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure Hashicorp +3
NVD
EPSS 96% CVSS 7.5
HIGH POC KEV PATCH THREAT This Week

Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x prior to 2.1.9, and older unsupported versions allow applications to serve arbitrary configuration files through the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Spring Cloud Config
NVD GitHub
EPSS 69% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x prior to 2.1.7, and older unsupported versions allow applications to serve arbitrary configuration files through the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Spring Cloud Config
NVD
EPSS 85% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Java Path Traversal Spring Cloud Config +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy