Main Vulnerability Database SB20260428209

SB20260428209 - Path traversal in Spring Cloud Config

Published: April 28, 2026

Security Bulletin ID SB20260428209

CSH Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Path traversal (CVE-ID: CVE-2026-22739)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to access files outside of configured search directories.

The vulnerability exists due to improper limitation of a pathname to a restricted directory in the profile parameter handling in the Spring Cloud Config Server native file system backend when substituting the profile parameter from a request. A remote attacker can send a specially crafted request to access files outside of configured search directories.

Only configurations using the native file system backend are affected by this issue.

Remediation

Install update from vendor's website.

References

https://spring.io/security/cve-2026-22739