PT-2026-31891 · VMware · Spring Cloud Gateway
Published: 2026-04-10 · Updated: 2026-04-20 · CVE-2026-22750
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Spring Cloud Gateway versions prior to 4.2.1 and versions 5.0.0 and 5.1.0.
Description
When configuring SSL bundles in Spring Cloud Gateway using the spring.ssl.bundle configuration property, the configuration was silently ignored, and the default SSL configuration was used instead. This could lead to weaker cryptography than intended, potentially enabling Man-in-the-Middle (MitM) attacks.
Recommendations
Upgrade to Spring Cloud Gateway version 4.2.1 or later. Alternatively, upgrade to version 5.0.1 or 5.1.1.
Affected Products
Spring Cloud Gateway