CVE-2026-40983
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk38th percentile - higher than 38% of all known CVEs
Summary
In Micrometer, a user can send specially crafted gRPC requests that may cause a denial-of-service (DoS) condition. Affected versions are 1.16.0 through 1.16.5 and 1.15.0 through 1.15.11.
Risk Assessment
An attacker can remotely cause the application using Micrometer to become unavailable, potentially disrupting monitoring services and impacting business continuity.
Recommendation
Immediately upgrade Micrometer to version 1.16.6 or later (for the 1.16 branch) and to 1.15.12 or later (for the 1.15 branch).
Original NVD description (English source)
In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition. Affected versions: Micrometer 1.16.0 through 1.16.5; 1.15.0 through 1.15.11.

