PT-2026-45515 · Spring · Spring Cloud Function
Published
2026-06-01
·
Updated
2026-06-01
·
CVE-2026-40990
CVSS v3.1
5.7
Medium
| Vector | AV:P/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H |
OOM error is possible while attempting to add infinite amount of functions to Function Registry.
Affected Spring Products and Versions:
Spring Cloud Function 3.2.x: versions prior to 3.2.16
Spring Cloud Function 4.1.x: versions prior to 4.1.10
Spring Cloud Function 4.2.x: versions prior to 4.2.6
Spring Cloud Function 4.3.x: versions prior to 4.3.3
Spring Cloud Function 5.0.x: versions prior to 5.0.2
Older, unsupported versions are also affected.
Fix
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Spring Cloud Function