CVE-2026-41708
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk36th percentile — higher than 36% of all known CVEs
Summary
In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is not disabled.
Risk Assessment
This vulnerability may lead to application disruption, affecting service availability for users. Organizations may experience downtime and loss of customer trust.
Recommendation
It is recommended to upgrade to the latest version of Spring Cloud Sleuth and disable Spring TX instrumentation to minimize the risk of DoS.
Original NVD description (English source)
In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is not disabled. Affected versions: Spring Cloud Sleuth 3.1.0 through 3.1.13.

