LeakyCreds

CVE-2026-22739 - Vulnerability Analysis

Severity: High | CVSS: 8.6

Last Updated: March 24, 2026

Spring Cloud - Path Traversal

Published: March 24, 2026 | Updated: March 24, 2026 | Remote Exploitable

Overview

Spring Cloud 3.1.X < 3.1.13, 4.1.X < 4.1.9, 4.2.X < 4.2.3, 4.3.X < 4.3.2, and 5.0.X < 5.0.2 contain a path traversal vulnerability caused by profile parameter substitution in Config Server when it uses the native file system backend. Attackers can access files outside the configured directories. Exploitation requires a crafted request.

Severity & Score

Severity: High
CVSS Score: 8.6

Impact

Attackers can access arbitrary files outside intended directories, potentially exposing sensitive information.

Mitigation

Upgrade to versions 3.1.13, 4.1.9, 4.2.3, 4.3.2, or 5.0.2 or later.

Details

CVE ID: CVE-2026-22739
Severity: High
CVSS Score: 8.6
Type: path_traversal
Status: new

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L