CVE-2026-40982: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Spring Spring Cloud Config
CVE-2026-40982 is a critical path traversal vulnerability in Spring Cloud Config server modules that allows attackers to retrieve arbitrary files by sending specially crafted URLs. It affects multiple versions across the 3. 1. x, 4. 1. x, 4. 2. x, 4. 3. x, and 5.
AI Analysis
Technical Summary
Spring Cloud Config server modules prior to versions 3.1.14, 4.1.10, 4.2.7, 4.3.3, and 5.0.3 allow path traversal attacks (CWE-22) via specially crafted URLs. This vulnerability permits an attacker to access arbitrary text and binary files served by the config server, potentially exposing sensitive data. The CVSS 3.1 base score is 9.1 (critical) with network attack vector, low attack complexity, no privileges required, no user interaction, and high confidentiality and integrity impacts. The vulnerability affects multiple release lines and requires upgrading to fixed versions to remediate. No vendor advisory text is provided to confirm patch status explicitly, but version upgrade recommendations imply official fixes.
Potential Impact
Successful exploitation allows an unauthenticated attacker to read arbitrary files from the Spring Cloud Config server, leading to high confidentiality and integrity impact. There is no impact on availability. This could result in exposure of sensitive configuration data or other files accessible to the server process.
Mitigation Recommendations
Upgrade affected Spring Cloud Config server instances to the fixed versions: 3.1.14 or later, 4.1.10 or later, 4.2.7 or later, 4.3.3 or later, or 5.0.3 or later. These upgrades address the path traversal vulnerability. Patch status is inferred from version upgrade guidance; check the official Spring vendor advisories for confirmation and detailed remediation instructions. No other mitigations are indicated.
CVE-2026-40982: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Spring Spring Cloud Config
Description
CVE-2026-40982 is a critical path traversal vulnerability in Spring Cloud Config server modules that allows attackers to retrieve arbitrary files by sending specially crafted URLs. It affects multiple versions across the 3. 1. x, 4. 1. x, 4. 2. x, 4. 3. x, and 5.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Spring Cloud Config server modules prior to versions 3.1.14, 4.1.10, 4.2.7, 4.3.3, and 5.0.3 allow path traversal attacks (CWE-22) via specially crafted URLs. This vulnerability permits an attacker to access arbitrary text and binary files served by the config server, potentially exposing sensitive data. The CVSS 3.1 base score is 9.1 (critical) with network attack vector, low attack complexity, no privileges required, no user interaction, and high confidentiality and integrity impacts. The vulnerability affects multiple release lines and requires upgrading to fixed versions to remediate. No vendor advisory text is provided to confirm patch status explicitly, but version upgrade recommendations imply official fixes.
Potential Impact
Successful exploitation allows an unauthenticated attacker to read arbitrary files from the Spring Cloud Config server, leading to high confidentiality and integrity impact. There is no impact on availability. This could result in exposure of sensitive configuration data or other files accessible to the server process.
Mitigation Recommendations
Upgrade affected Spring Cloud Config server instances to the fixed versions: 3.1.14 or later, 4.1.10 or later, 4.2.7 or later, 4.3.3 or later, or 5.0.3 or later. These upgrades address the path traversal vulnerability. Patch status is inferred from version upgrade guidance; check the official Spring vendor advisories for confirmation and detailed remediation instructions. No other mitigations are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- vmware
- Date Reserved
- 2026-04-16T02:19:04.616Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69fc1390cbff5d8610732602
Added to database: 5/7/2026, 4:22:40 AM
Last enriched: 5/7/2026, 4:37:09 AM
Last updated: 5/7/2026, 10:24:10 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.