CVE-2026-40982
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk50th percentile — higher than 50% of all known CVEs
Summary
A directory traversal vulnerability in Spring Cloud Config allows an attacker to read arbitrary files via a specially crafted URL. The issue affects the spring-cloud-config-server module serving text and binary files.
Risk Assessment
An attacker can read sensitive files from the server filesystem, leading to exposure of confidential data such as configurations, passwords, or private keys.
Recommendation
Upgrade Spring Cloud Config to version 3.1.14, 4.1.10, 4.2.7, 4.3.3, or 5.0.3 depending on your branch. For versions 3.1.x, 4.1.x, and 4.2.x, the upgrade requires Enterprise Support.
Original NVD description (English source)
Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or greater (Enterprise Support Only). Spring Cloud Config 4.2.x: affected from 4.2.0 through 4.2.6 (inclusive); upgrade to 4.2.7 or greater (Enterprise Support Only). Spring Cloud Config 4.3.x: affected from 4.3.0 through 4.3.2 (inclusive); upgrade to 4.3.3 or greater. Spring Cloud Config 5.0.x: affected from 5.0.0 through 5.0.2 (inclusive); upgrade to 5.0.3 or greater.

