惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Proofpoint News Feed
罗磊的独立博客
Martin Fowler
Martin Fowler
B
Blog RSS Feed
U
Unit 42
V
V2EX
H
Help Net Security
V
Vulnerabilities – Threatpost
The Register - Security
The Register - Security
IT之家
IT之家
Cloudbric
Cloudbric
K
Kaspersky official blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
Jina AI
Jina AI
Microsoft Azure Blog
Microsoft Azure Blog
大猫的无限游戏
大猫的无限游戏
P
Palo Alto Networks Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
SegmentFault 最新的问题
Cisco Talos Blog
Cisco Talos Blog
博客园 - 司徒正美
Cyberwarzone
Cyberwarzone
Spread Privacy
Spread Privacy
P
Proofpoint News Feed
Apple Machine Learning Research
Apple Machine Learning Research
T
Tenable Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
I
Intezer
G
GRAHAM CLULEY
T
Threatpost
C
Check Point Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
Tor Project blog
L
Lohrmann on Cybersecurity
WordPress大学
WordPress大学
N
Netflix TechBlog - Medium
The GitHub Blog
The GitHub Blog
C
CERT Recently Published Vulnerability Notes
Microsoft Security Blog
Microsoft Security Blog
Hugging Face - Blog
Hugging Face - Blog
The Hacker News
The Hacker News
Schneier on Security
Schneier on Security
爱范儿
爱范儿
云风的 BLOG
云风的 BLOG
Security Archives - TechRepublic
Security Archives - TechRepublic
T
The Blog of Author Tim Ferriss
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
P
Privacy & Cybersecurity Law Blog

Spring Security Advisories

CVE-2026-47835: Spring AI vector store metadata filtering to handle special characters in Elasticsearch, OpenSearch, and GemFire Vector Stores CVE-2026-41862: Kryo deserialization of persisted context without class allowlist CVE-2026-41708: Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability CVE-2026-47825: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations CVE-2026-40985: Data Binding Vulnerability in Spring Web Flow with Unified EL Parser CVE-2026-40986: Spring Web Flow JS RemotingHandler renders non-HTML Response as HTML CVE-2026-40987: Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization CVE-2026-40994: Wss4jSecurityInterceptor disables WS-I BSP validation by default CVE-2026-40995: X.509 authentication bypasses Spring Security account checks CVE-2026-40997: SOAP security faults leak Spring Security account state CVE-2026-40998: Jaxp13 XPath XXE via StreamSource and SAXSource CVE-2026-40999: Spring WS SSRF via unvalidated WS-Addressing reply destinations CVE-2026-41000: WSS4J validation does not use configured replay cache CVE-2026-40996: Inbound WS-Security allows RSA PKCS#1 v1.5 key transport by default CVE-2026-40992: Mail Auto-Configuration Does Not Enable SSL Hostname Verification CVE-2026-41001: Predictable Temp Directory in Artemis Auto-configuration CVE-2026-41699: Unsafe Deserialization in Spring GraphQL CVE-2026-41700: Cross-Site WebSocket Hijacking in Spring for GraphQL CVE-2026-41856: Spring GraphQL Annotation Detection Vulnerability CVE-2026-41695: Denial of Service in Spring Data Commons Property Path Resolution CVE-2026-41696: Spring Data MongoDB Bind Parameter Literal Quoting Breakout CVE-2026-41697: Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern CVE-2026-41711: Potential Denial of Service through crafted Sort Parameters CVE-2026-41716: Spring Data web support unbounded negative-result cache keyed on attacker-supplied property names CVE-2026-41717: Spring Data MongoDB - SpEL Expression Injection via Annotated Query Parameter Binding CVE-2026-41719: Spring Data KeyValue - SpEL Injection vulnerability in SpelPropertyComparator CVE-2026-40991: XML External Entity (XXE) injection when documenting untrusted XML content CVE-2026-41721: Spring Data Commons Denial of Service via Data Binding CVE-2026-41728: Spring Data REST JSON Patch bypasses Jackson read-only property protection on nested objects and collections CVE-2026-40993: Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry CVE-2026-40988: Unbounded DEFLATE Inflation in SAML 2.0 Service Provider CVE-2026-41003: Unencoded HTML Outputs in Spring Security May Allow Cross-Site Scripting CVE-2026-41008: Spring Security Authorization Server Open Redirect via request_uri CVE-2026-41694: SAML Payloads Decrypted Without Valid Signature CVE-2026-41706: Open Redirect When Using CookieRequestCache CVE-2026-41714: In Spring AMQP the `RabbitConnectionFactoryBean.setUri("amqps://...")` bypasses secure SSL setup, uses `TrustEverythingTrustManager` CVE-2026-41701: In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues CVE-2026-41726: In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header CVE-2026-41729: Spring Data REST SpEL Injection via Map Key in JSON Patch CVE-2026-41730: Spring Data REST exposes persistence-layer internals in error responses CVE-2026-41727: In Spring for Apache Kafka, forged retry topic headers subvert retry routing and backoff behavior CVE-2026-41731: In Spring for Apache Kafka, overly broad trusted-package matching in header mappers exposes JDK classes to deserialization CVE-2026-41732: In Spring for Apache Pulsar, overly broad trusted-package matching in header mapper exposes JDK classes to deserialization CVE-2026-41837: Spring Data REST Querydsl integration exposes Jackson-hidden persistent fields as filter keys CVE-2026-47838: Unauthorized User Impersonation when Using X.509 Client Certificates CVE-2026-40983: Micrometer gRPC server instrumentation DoS vulnerability CVE-2026-41715: Reactor Netty HTTP Client Leaks Credentials On Protocol Downgrade Redirect CVE-2026-40984: Micrometer HTTP server instrumentations DoS vulnerability CVE-2026-41007: Spring HATEOAS heap exhaustion through unbounded internal caching CVE-2026-41006: Spring HATEOAS Collection+JSON/UBER deserializers do not honor Jackson configuration CVE-2026-41720: Authentication Bypass with Empty Password in Spring LDAP CVE-2026-41838: Spring Framework Predictable Session ID in WebSocket Module CVE-2026-41839: Spring Framework Escalation via Session Fixation in WebFlux CVE-2026-41710: Cache Exhaustion in Stateful Retries leads to Denial of Service CVE-2026-41840: Spring Framework Denial of Service via Multipart Requests in WebFlux CVE-2026-41863: LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API CVE-2026-40989: Self Routing guard bypassed via function composition CVE-2026-40990: Unbounded cache for function definitions CVE-2026-41705: Expression injection in MilvusVectorStore doDelete allows data destruction CVE-2026-41712: ChatMemory DEFAULT_CONVERSATION_ID causes unintended cross-user data leakage CVE-2026-41713: Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor CVE-2026-41002: Spring Cloud Config Server Susceptible To TOCTOU Attack CVE-2026-40982: Directory Traversal with spring-cloud-config-server CVE-2026-40981: Spring Cloud Config Clients Can Access Secrets From Any Project The Config Server Has Access To On Google Secrets Manager CVE-2026-41004: Spring Cloud Config Server Logged Sensitive Information CVE-2026-40968 - Medium - CVE-2026-40968: Spring gRPC SecurityContext leaks across requests on authorization failure CVE-2026-40969 - Low - CVE-2026-40969: Spring gRPC AuthenticationException message reflected to remote client CVE-2026-40966 - Moderate - CVE-2026-40966: VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration CVE-2026-40967 - High - CVE-2026-40967: VectorStore FilterExpression Converter injection CVE-2026-40978 - High - CVE-2026-40978: SQL Injection in CosmosDBVectorStore.doDelete() CVE-2026-40979 - Moderate - CVE-2026-40979: ONNX model cache defaults to world-writable predictable /tmp directory CVE-2026-40980 - Moderate - CVE-2026-40980: OOM by attacker-controlled PDF CVE-2026-40970 - Medium - CVE-2026-40970: Elasticsearch auto-configuration with an SSL bundle disables TLS hostname verification CVE-2026-40971 - Medium - CVE-2026-40971: RabbitMQ auto-configuration with an SSL bundle disables TLS hostname verification CVE-2026-40972 - High - CVE-2026-40972: DevTools remote secret comparison is vulnerable to timing attacks CVE-2026-40973 - High - CVE-2026-40973: Predictable temp directory accepted without ownership verification CVE-2026-40974 - Medium - CVE-2026-40974: Cassandra SSL auto-configuration disables TLS hostname verification CVE-2026-40975 - Medium - CVE-2026-40975: Random value property source uses a weak PRNG unsuitable for secrets CVE-2026-40977 - Medium - CVE-2026-40977: PID file write follows symlinks at predictable default path CVE-2026-40976 - Critical - CVE-2026-40976: Default security filter chain has no authorization rule with Actuator but without Health CVE-2026-22751: Spring Security JdbcOneTimeTokenService allows a one-time token to authenticate multiple sessions CVE-2026-22752: Spring Security Authorization Server Dynamic Client Registration endpoints perform insufficient validation of client metadata CVE-2026-22746: User Attribute Enumeration when Using DaoAuthenticationProvider CVE-2026-22753: Servlet Path Not Correctly Included in Path Matching of HttpSecurity#securityMatchers CVE-2026-22754: Servlet Path Not Correctly Included in Path Matching of XML Authorization Rules CVE-2026-22747: Unauthorized User Impersonation when Using X.509 Client Certificates CVE-2026-22748: Potential Security Misconfiguration when Using withIssuerLocation CVE-2026-22740: Spring Framework DoS with Multipart Temp Files in WebFlux CVE-2026-22741: Static resource cache poisoning in Spring MVC and WebFlux CVE-2026-22745 : Denial of service in static resource handling on Windows platforms CVE-2026-22738: SpEL Injection via Unescaped Filter Key in SimpleVectorStore Leads to Remote Code Execution CVE-2026-22744: RediSearch Query via Unescaped TAG Filter Values in RedisVectorStore CVE-2026-22743: Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore CVE-2026-22742: Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching CVE-2026-22739: Spring Cloud Config Profile Substitution Can Allow Unintended Access To Files And Enable SSRF Attacks CVE-2026-22731: Authentication Bypass under Actuator Health groups paths cve-2026-22732: Under Some Conditions Spring Security HTTP Headers Are not Written CVE-2026-22737: Spring Framework Improper Path Limitation with Script View Templates CVE-2026-22733: Authentication Bypass under Actuator CloudFoundry endpoints CVE-2026-22735: Server Sent Event stream corruption
CVE-2026-22750: SSL bundle configuration silently bypassed in Spring Cloud Gateway
2026-04-09 · via Spring Security Advisories

Description

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead.

Affected Spring Products and Versions

Spring Cloud Gateway:

  • 4.2.0

Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0 available on Maven Centeral. Ideally if you are not an enterprise customer, you should be upgrading to 5.0.2 or 5.1.1 which are the current supported open source releases.

Mitigation

Users of affected versions should upgrade to the corresponding fixed version.

Affected version(s) Fix version Availability
4.2.0 4.2.1 or newer releases Enterprise Support Only

Credit

The issue was identified and responsibly reported by Otmane Omry (@otmaneomry).

References