CVE Catalog

CVE-2026-40983

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.47%

38th percentile - higher than 38% of all known CVEs

Summary

In Micrometer, a user can send specially crafted gRPC requests that may cause a denial-of-service (DoS) condition. Affected versions are 1.16.0 through 1.16.5 and 1.15.0 through 1.15.11.

Risk Assessment

An attacker can remotely cause the application using Micrometer to become unavailable, potentially disrupting monitoring services and impacting business continuity.

Recommendation

Immediately upgrade Micrometer to version 1.16.6 or later (for the 1.16 branch) and to 1.15.12 or later (for the 1.15 branch).

Original NVD description (English source)

In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition. Affected versions: Micrometer 1.16.0 through 1.16.5; 1.15.0 through 1.15.11.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS