Path traversal in Spring Cloud Config - CVE-2026-22739

Published: April 28, 2026


Vulnerability identifier: #VU128384
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-22739
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Spring Cloud Config
Software vendor:
Pivotal

Description

The vulnerability allows a remote, unauthenticated attacker to read files outside the configured search directories on the Config Server host.

The vulnerability exists due to improper limitation of a pathname to a restricted directory (CWE-22) in the Spring Cloud Config Server native file system backend: the profile value taken from the request is substituted into the configured search locations without adequate restriction of the resulting pathname. A remote attacker can send a specially crafted request with a malicious profile value to make the server resolve and serve files outside the configured search directories.

Only configurations using the native file system backend are affected, that is, a Config Server started with the `native` Spring profile, which reads configuration from the locations listed in `spring.cloud.config.server.native.search-locations`. Servers that use another backend, such as the default Git backend, are not affected by this issue.
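The following is an added illustration of the vulnerability class described above; it is not Spring Cloud Config's code and does not reproduce the confirmed request format or payload for this CVE. It assumes a constructed search-location template in the placeholder style the native backend accepts (`{profile}` inside a `file:` location) and contrasts naive substitution of the request-supplied profile with a hardened resolver that confines the result to the base directory.

```python
import posixpath

# Constructed search-location template modelled on the placeholder style
# Spring Cloud Config accepts in spring.cloud.config.server.native.search-locations
# ({application}, {profile}, {label}). Illustrative only: not the project's code
# and not the confirmed vulnerable code path for CVE-2026-22739.
SEARCH_LOCATION_TEMPLATE = "/srv/config/{profile}/"


def base_directory(template):
    """Normalised directory that precedes the first placeholder in the template."""
    return posixpath.normpath(template.split("{")[0])


def resolve_unchecked(template, profile, filename="application.yml"):
    """Naive substitution: the profile value from the request goes straight
    into the path. A value containing '..' walks out of the base directory."""
    return posixpath.normpath(posixpath.join(template.format(profile=profile), filename))


def resolve_checked(template, profile, filename="application.yml"):
    """Hardened resolver: accept only a single plain path segment as the profile,
    then verify that the normalised result still lies under the base directory.
    Validate the decoded value the handler actually receives, not the raw URL,
    since the servlet container has already decoded %2e%2e by then."""
    if not profile or profile in (".", "..") or any(c in profile for c in "/\\\0"):
        raise ValueError("invalid profile value: %r" % profile)
    base = base_directory(template)
    candidate = posixpath.normpath(posixpath.join(template.format(profile=profile), filename))
    # Compare against base + '/' so that /srv/config-evil does not pass as /srv/config.
    if not candidate.startswith(base.rstrip("/") + "/"):
        raise ValueError("resolved path escapes search location: %s" % candidate)
    return candidate


def escapes_search_location(template, profile, filename="application.yml"):
    """True when naive substitution of this profile leaves the base directory;
    useful as a quick test of a candidate value against your own template."""
    base = base_directory(template)
    resolved = resolve_unchecked(template, profile, filename)
    return not resolved.startswith(base.rstrip("/") + "/")


if __name__ == "__main__":
    # Constructed inputs: a normal profile and a traversal-style value.
    for value in ("dev", "../../etc"):
        print(value, "->", resolve_unchecked(SEARCH_LOCATION_TEMPLATE, value),
              "escapes" if escapes_search_location(SEARCH_LOCATION_TEMPLATE, value) else "contained")
        try:
            print("  checked:", resolve_checked(SEARCH_LOCATION_TEMPLATE, value))
        except ValueError as exc:
            print("  checked: rejected (%s)" % exc)
```

The containment test uses the normalised path with a trailing separator appended to the base, so a sibling directory whose name merely starts with the base name (for example `/srv/config-backup`) is not accepted as inside `/srv/config`. On a server that cannot yet be patched, the same two checks can be applied in a request filter in front of the config endpoints, but they are a mitigation for this class of input, not a substitute for the vendor fix.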


Remediation

Install the security update from the vendor's website. Until the update is applied, deployments that do not need the native file system backend can switch to another backend, since only the native backend is affected.
