CVE-2026-22739 - Vulnerability Analysis
HighCVSS: 8.6Last Updated: March 24, 2026
Spring Cloud - Path Traversal
Overview
Spring Cloud 3.1.X < 3.1.13, 4.1.X < 4.1.9, 4.2.X < 4.2.3, 4.3.X < 4.3.2, and 5.0.X < 5.0.2 contain a path traversal caused by profile parameter substitution in Config Server using native file system backend, letting attackers access files outside configured directories, exploit requires crafted request.
Severity & Score
Impact
Attackers can access arbitrary files outside intended directories, potentially exposing sensitive information.
Mitigation
Upgrade to versions 3.1.13, 4.1.9, 4.2.3, 4.3.2, or 5.0.2 or later.
Social Media Activity(1 post)
š CVE-2026-22739 - High (8.6) Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search... š https://www.thehackerwire.com/vulnerability/CVE-2026-22739/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-22739
- Severity
- High
- CVSS Score
- 8.6
- Type
- path_traversal
- Status
- unconfirmed
- EPSS
- 2.3%
- Social Posts
- 1
CWE
- CWE-22
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L