CVE Catalog

CVE-2026-41708

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.46%

36th percentile — higher than 36% of all known CVEs

Summary

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is not disabled.

Risk Assessment

This vulnerability may lead to application disruption, affecting service availability for users. Organizations may experience downtime and loss of customer trust.

Recommendation

It is recommended to upgrade to the latest version of Spring Cloud Sleuth and disable Spring TX instrumentation to minimize the risk of DoS.

Original NVD description (English source)

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is not disabled. Affected versions: Spring Cloud Sleuth 3.1.0 through 3.1.13.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS