PT-2026-27270 · Vmware · Spring Cloud

Hyunwoo Kim

Published

2026-03-23

Updated

2026-04-01

CVE-2026-22739

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Spring Cloud versions 3.1.X through 3.1.12, 4.1.X through 4.1.8, 4.2.X through 4.2.2, 4.3.X through 4.3.1, and 5.0.X through 5.0.1.

Description: A flaw exists in Spring Cloud Config when substituting the profile parameter from a request to the Spring Cloud Config Server configured to use the native file system as a backend. This allows an attacker to access files outside of the configured search directories. The issue is due to improper path restriction.

Recommendations: Update Spring Cloud to version 3.1.13, 4.1.9, 4.2.3, 4.3.2, or 5.0.2.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

BDU:2026-04241

CVE-2026-22739

GHSA-3QWQ-Q9VM-5J42

Affected Products

Spring Cloud

PT-2026-27270 · Vmware · Spring Cloud

CVE-2026-22739

Weakness Enumeration

Related Identifiers

Affected Products

References · 19