Resource exhaustion in Spring Cloud Function - CVE-2026-40990

 


Published: May 11, 2026


Vulnerability identifier: #VU130981
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-40990
CWE-ID: CWE-400
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software: Spring Cloud Function
Software vendor: VMware, Inc

Description

The vulnerability allows an attacker with physical access to cause a denial of service.

The vulnerability exists due to uncontrolled resource consumption in the function registry when function definitions are added. An attacker with physical access can add an unbounded number of functions and cause a denial of service.

User interaction is required.


Remediation

Install the security update from the vendor's website.
