Known Vulnerabilities for Spring Cloud Config by Spring
Listed below are 4 of the newest known vulnerabilities associated with "Spring Cloud Config" by "Spring".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41004 json | When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring ... | Not Provided | 2026-05-07 | 2026-05-07 |
| CVE-2026-41002 json | The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositorie... | Not Provided | 2026-05-07 | 2026-05-07 |
| CVE-2026-40982 json | Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server modul... | Not Provided | 2026-05-07 | 2026-05-07 |
| CVE-2026-40981 json | When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config ... | Not Provided | 2026-05-07 | 2026-05-07 |