Search criteria
8 vulnerabilities found for spring_cloud_gateway by vmware
CVE-2026-22750 (GCVE-0-2026-22750)
Vulnerability from nvd – Published: 2026-04-10 07:32 – Updated: 2026-04-10 12:59
VLAI
Title
SSL bundle configuration silently bypassed in Spring Cloud Gateway
Summary
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead.
Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0 available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to 5.0.2 or 5.1.1 which are the current supported open source releases.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-15 - External Control of System or Configuration Setting
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Spring Cloud Gateway |
Affected:
4.2.0 , < 4.2.1
(ENTERPRISE)
|
Date Public
2026-04-09 14:15
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T12:59:10.606788Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-15",
"description": "CWE-15 External Control of System or Configuration Setting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T12:59:14.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Spring Cloud Gateway",
"product": "Spring Cloud Gateway",
"vendor": "VMware",
"versions": [
{
"lessThan": "4.2.1",
"status": "affected",
"version": "4.2.0",
"versionType": "ENTERPRISE"
}
]
}
],
"datePublic": "2026-04-09T14:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When configuring SSL bundles in Spring Cloud Gateway by using the configuration property\u0026nbsp;\u003ccode\u003espring.ssl.bundle\u003c/code\u003e, the configuration was silently ignored and the default SSL configuration was used instead.\u003cbr\u003eNote: The\u0026nbsp;\u003ccode\u003e4.2.x\u003c/code\u003e\u0026nbsp;branch is no longer under open source support. If you are using Spring Cloud Gateway\u0026nbsp;\u003ccode\u003e4.2.0\u003c/code\u003e\u0026nbsp;and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway\u0026nbsp;\u003ccode\u003e4.2.x\u003c/code\u003e\u0026nbsp;release newer than\u0026nbsp;\u003ccode\u003e4.2.0\u003c/code\u003e\u0026nbsp;\u003ca href=\"https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/\"\u003eavailable on Maven Centeral\u003c/a\u003e. Ideally if you are not an enterprise customer, you should be upgrading to\u0026nbsp;\u003ccode\u003e5.0.2\u003c/code\u003e\u0026nbsp;or\u0026nbsp;\u003ccode\u003e5.1.1\u003c/code\u003e\u0026nbsp;which are the current supported open source releases."
}
],
"value": "When configuring SSL bundles in Spring Cloud Gateway by using the configuration property\u00a0spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead.\nNote: The\u00a04.2.x\u00a0branch is no longer under open source support. If you are using Spring Cloud Gateway\u00a04.2.0\u00a0and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway\u00a04.2.x\u00a0release newer than\u00a04.2.0\u00a0 available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to\u00a05.0.2\u00a0or\u00a05.1.1\u00a0which are the current supported open source releases."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T07:32:31.260Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-22750"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SSL bundle configuration silently bypassed in Spring Cloud Gateway",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-22750",
"datePublished": "2026-04-10T07:32:31.260Z",
"dateReserved": "2026-01-09T06:55:03.990Z",
"dateUpdated": "2026-04-10T12:59:14.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-22946 (GCVE-0-2022-22946)
Vulnerability from nvd – Published: 2022-03-04 15:50 – Updated: 2024-08-03 03:28
VLAI
Summary
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
Severity
No CVSS data available.
CWE
- OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://tanzu.vmware.com/security/cve-2022-22946 | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Spring Cloud Gateway |
Affected:
Spring cloud gateway versions 3.1.x prior to 3.1.1+
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22946"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Cloud Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring cloud gateway versions 3.1.x prior to 3.1.1+"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:46:27.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22946"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Cloud Gateway",
"version": {
"version_data": [
{
"version_value": "Spring cloud gateway versions 3.1.x prior to 3.1.1+"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tanzu.vmware.com/security/cve-2022-22946",
"refsource": "MISC",
"url": "https://tanzu.vmware.com/security/cve-2022-22946"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22946",
"datePublished": "2022-03-04T15:50:06.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:28:42.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22947 (GCVE-0-2022-22947)
Vulnerability from nvd – Published: 2022-03-03 00:00 – Updated: 2025-10-21 23:15
VLAI
CISA KEV
Summary
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Severity
10 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Spring Cloud Gateway |
Affected:
Spring cloud gateway versions 3.1.x prior to 3.1.1+, 3.0.x prior to 3.0.7+ and all old and unsupported versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22947"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-22947",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:53:56.180900Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-05-16",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22947"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:45.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22947"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-05-16T00:00:00.000Z",
"value": "CVE-2022-22947 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Spring Cloud Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring cloud gateway versions 3.1.x prior to 3.1.1+, 3.0.x prior to 3.0.7+ and all old and unsupported versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-17T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://tanzu.vmware.com/security/cve-2022-22947"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22947",
"datePublished": "2022-03-03T00:00:00.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:45.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22051 (GCVE-0-2021-22051)
Vulnerability from nvd – Published: 2021-11-08 13:37 – Updated: 2024-08-03 18:30
VLAI
Summary
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.
Severity
No CVSS data available.
CWE
- Specifically crafted requests could make an extra request on downstream services.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://tanzu.vmware.com/security/cve-2021-22051 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Spring Cloud Gateway |
Affected:
3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2021-22051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Cloud Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Specifically crafted requests could make an extra request on downstream services.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T13:37:29.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tanzu.vmware.com/security/cve-2021-22051"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Cloud Gateway",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Specifically crafted requests could make an extra request on downstream services."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tanzu.vmware.com/security/cve-2021-22051",
"refsource": "MISC",
"url": "https://tanzu.vmware.com/security/cve-2021-22051"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22051",
"datePublished": "2021-11-08T13:37:29.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:30:23.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-22750 (GCVE-0-2026-22750)
Vulnerability from cvelistv5 – Published: 2026-04-10 07:32 – Updated: 2026-04-10 12:59
VLAI
Title
SSL bundle configuration silently bypassed in Spring Cloud Gateway
Summary
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead.
Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0 available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to 5.0.2 or 5.1.1 which are the current supported open source releases.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-15 - External Control of System or Configuration Setting
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Spring Cloud Gateway |
Affected:
4.2.0 , < 4.2.1
(ENTERPRISE)
|
Date Public
2026-04-09 14:15
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22750",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-10T12:59:10.606788Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-15",
"description": "CWE-15 External Control of System or Configuration Setting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T12:59:14.451Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "Spring Cloud Gateway",
"product": "Spring Cloud Gateway",
"vendor": "VMware",
"versions": [
{
"lessThan": "4.2.1",
"status": "affected",
"version": "4.2.0",
"versionType": "ENTERPRISE"
}
]
}
],
"datePublic": "2026-04-09T14:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When configuring SSL bundles in Spring Cloud Gateway by using the configuration property\u0026nbsp;\u003ccode\u003espring.ssl.bundle\u003c/code\u003e, the configuration was silently ignored and the default SSL configuration was used instead.\u003cbr\u003eNote: The\u0026nbsp;\u003ccode\u003e4.2.x\u003c/code\u003e\u0026nbsp;branch is no longer under open source support. If you are using Spring Cloud Gateway\u0026nbsp;\u003ccode\u003e4.2.0\u003c/code\u003e\u0026nbsp;and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway\u0026nbsp;\u003ccode\u003e4.2.x\u003c/code\u003e\u0026nbsp;release newer than\u0026nbsp;\u003ccode\u003e4.2.0\u003c/code\u003e\u0026nbsp;\u003ca href=\"https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/\"\u003eavailable on Maven Centeral\u003c/a\u003e. Ideally if you are not an enterprise customer, you should be upgrading to\u0026nbsp;\u003ccode\u003e5.0.2\u003c/code\u003e\u0026nbsp;or\u0026nbsp;\u003ccode\u003e5.1.1\u003c/code\u003e\u0026nbsp;which are the current supported open source releases."
}
],
"value": "When configuring SSL bundles in Spring Cloud Gateway by using the configuration property\u00a0spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead.\nNote: The\u00a04.2.x\u00a0branch is no longer under open source support. If you are using Spring Cloud Gateway\u00a04.2.0\u00a0and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway\u00a04.2.x\u00a0release newer than\u00a04.2.0\u00a0 available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to\u00a05.0.2\u00a0or\u00a05.1.1\u00a0which are the current supported open source releases."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-10T07:32:31.260Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://spring.io/security/cve-2026-22750"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SSL bundle configuration silently bypassed in Spring Cloud Gateway",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2026-22750",
"datePublished": "2026-04-10T07:32:31.260Z",
"dateReserved": "2026-01-09T06:55:03.990Z",
"dateUpdated": "2026-04-10T12:59:14.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-22946 (GCVE-0-2022-22946)
Vulnerability from cvelistv5 – Published: 2022-03-04 15:50 – Updated: 2024-08-03 03:28
VLAI
Summary
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
Severity
No CVSS data available.
CWE
- OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://tanzu.vmware.com/security/cve-2022-22946 | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Spring Cloud Gateway |
Affected:
Spring cloud gateway versions 3.1.x prior to 3.1.1+
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22946"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Cloud Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring cloud gateway versions 3.1.x prior to 3.1.1+"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:46:27.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22946"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2022-22946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Cloud Gateway",
"version": {
"version_data": [
{
"version_value": "Spring cloud gateway versions 3.1.x prior to 3.1.1+"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tanzu.vmware.com/security/cve-2022-22946",
"refsource": "MISC",
"url": "https://tanzu.vmware.com/security/cve-2022-22946"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22946",
"datePublished": "2022-03-04T15:50:06.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2024-08-03T03:28:42.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-22947 (GCVE-0-2022-22947)
Vulnerability from cvelistv5 – Published: 2022-03-03 00:00 – Updated: 2025-10-21 23:15
VLAI
CISA KEV
Summary
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Severity
10 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Spring Cloud Gateway |
Affected:
Spring cloud gateway versions 3.1.x prior to 3.1.1+, 3.0.x prior to 3.0.7+ and all old and unsupported versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:28:42.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2022-22947"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-22947",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:53:56.180900Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-05-16",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22947"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:15:45.220Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22947"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-05-16T00:00:00.000Z",
"value": "CVE-2022-22947 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Spring Cloud Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Spring cloud gateway versions 3.1.x prior to 3.1.1+, 3.0.x prior to 3.0.7+ and all old and unsupported versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-17T00:00:00.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://tanzu.vmware.com/security/cve-2022-22947"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2022-22947",
"datePublished": "2022-03-03T00:00:00.000Z",
"dateReserved": "2022-01-10T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:15:45.220Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22051 (GCVE-0-2021-22051)
Vulnerability from cvelistv5 – Published: 2021-11-08 13:37 – Updated: 2024-08-03 18:30
VLAI
Summary
Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer.
Severity
No CVSS data available.
CWE
- Specifically crafted requests could make an extra request on downstream services.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://tanzu.vmware.com/security/cve-2021-22051 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Spring Cloud Gateway |
Affected:
3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older versions
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:30:23.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2021-22051"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Cloud Gateway",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Specifically crafted requests could make an extra request on downstream services.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T13:37:29.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tanzu.vmware.com/security/cve-2021-22051"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2021-22051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Cloud Gateway",
"version": {
"version_data": [
{
"version_value": "3.0.0 to 3.0.4, 2.2.0.RELEASE to 2.2.9.RELEASE, and older versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.5+, 2.2.x users should upgrade to 2.2.10.RELEASE or newer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Specifically crafted requests could make an extra request on downstream services."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tanzu.vmware.com/security/cve-2021-22051",
"refsource": "MISC",
"url": "https://tanzu.vmware.com/security/cve-2021-22051"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2021-22051",
"datePublished": "2021-11-08T13:37:29.000Z",
"dateReserved": "2021-01-04T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:30:23.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}