{"vulnerability": "cve-2026-40982", "sightings": [{"uuid": "957d540f-dbcb-4347-9a14-7eb43d517a2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-40982", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116531411462780607", "content": "\u26a0\ufe0f CRITICAL: CVE-2026-40982 in Spring Cloud Config (3.1.0 \u2013 5.0.0) enables path traversal \u2014 attackers can access arbitrary files via crafted URLs. Upgrade to a safe version ASAP: 3.1.14, 4.1.10, 4.2.7, 4.3.3, or 5.0.3. Details: https://radar.offseq.com/threat/cve-2026-40982-cwe-22-improper-limitation-of-a-pat-df996457 #OffSeq #SpringCloud #CVE202640982", "creation_timestamp": "2026-05-07T04:30:27.681922Z"}, {"uuid": "a33aac8e-e2dc-46cb-827d-c85f823555ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-40982", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mlaeyqh2um2y", "content": "Spring Cloud Config (3.1.0 \u2013 5.0.0) hit by CRITICAL path traversal flaw \u2014 attackers may access files via crafted URLs. Upgrade to 3.1.14, 4.1.10, 4.2.7, 4.3.3, or 5.0.3 now! https://radar.offseq.com/threat/cve-2026-40982-cwe-22-improper-limitation-of-a-pat-df996457 #OffSeq #SpringCloud #CVE202640982", "creation_timestamp": "2026-05-07T04:30:29.452864Z"}, {"uuid": "e1b1f2a3-eed9-4929-957f-a657f69d3c15", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40982", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mlai3lq23y2p", "content": "CVE-2026-40982 - Spring Cloud Config Directory Traversal Vulnerability\nCVE ID : CVE-2026-40982\n \n Published : May 7, 2026, 3:49 a.m. | 35\u00a0minutes ago\n \n Description : Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-conf...", "creation_timestamp": "2026-05-07T05:25:46.120237Z"}, {"uuid": "bc9e001b-f6fc-4269-9611-e0cf8ec4fb8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40982", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mlbh3arwaw2e", "content": "\ud83d\udd17 CVE : CVE-2026-40981, CVE-2026-40982, CVE-2026-41002, CVE-2026-41004", "creation_timestamp": "2026-05-07T14:40:20.407806Z"}, {"uuid": "ee676326-2996-41b8-a279-166e4ff579b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-40982", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/spring-security-advisory-av26-431", "content": "", "creation_timestamp": "2026-05-07T06:48:23.000000Z"}, {"uuid": "c1398d9b-3d96-40b2-ba85-0e5333228e86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-40982", "type": "seen", "source": "https://www.acn.gov.it/portale/w/rilevate-vulnerabilita-in-spring-cloud-config", "content": "", "creation_timestamp": "2026-05-07T07:29:50.000000Z"}, {"uuid": "b8a0d20d-3019-459f-b637-ed169f6da997", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-40982", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mma6jybelc2w", "content": "\u300cSpring Cloud Config\u300d\u306b\u30d1\u30b9\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u306a\u3069\u8907\u6570\u8106\u5f31\u6027\n\n\u5206\u6563\u30b7\u30b9\u30c6\u30e0\u3084\u30de\u30a4\u30af\u30ed\u30b5\u30fc\u30d3\u30b9\u74b0\u5883\u306e\u8a2d\u5b9a\u7ba1\u7406\u30c4\u30fc\u30eb\u300cSpring Cloud Config\u300d\u306b\u8907\u6570\u306e\u8106\u5f31\u6027\u304c\u660e\u3089\u304b\u3068\u306a\u3063\u305f\u3002\n\n\u958b\u767a\u30c1\u30fc\u30e0\u306f\u73fe\u5730\u6642\u95932026\u5e745\u67086\u65e5\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea\u3092\u516c\u958b\u3057\u30014\u4ef6\u306e\u8106\u5f31\u6027\u3092\u660e\u3089\u304b\u306b\u3057\u305f\u3002\n\n\u30e2\u30b8\u30e5\u30fc\u30eb\u3092\u901a\u3058\u3066\u30c6\u30ad\u30b9\u30c8\u30d5\u30a1\u30a4\u30eb\u3084\u30d0\u30a4\u30ca\u30ea\u30d5\u30a1\u30a4\u30eb\u3092\u914d\u4fe1\u3059\u308b\u69cb\u6210\u306e\u5834\u5408\u3001\u7d30\u5de5\u3057\u305fURL\u306b\u3088\u3063\u3066\u30ea\u30e2\u30fc\u30c8\u304b\u3089\u8a8d\u8a3c\u3092\u5fc5\u8981\u3068\u3059\u308b\u3053\u3068\u306a\u304f\u30d5\u30a1\u30a4\u30eb\u30a2\u30af\u30bb\u30b9\u304c\u53ef\u80fd\u3068\u306a\u308b\u30d1\u30b9\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u306e\u8106\u5f31\u6027\u300cCVE-2026-40982\u300d\u304c\u78ba\u8a8d\u3055\u308c\u305f\u3002\n\n\u5171\u901a\u8106\u5f31\u6027\u8a55\u4fa1\u30b7\u30b9\u30c6\u30e0\u300cCVSSv3.1\u300d\u306e\u30d9\u30fc...", "creation_timestamp": "2026-05-19T20:00:03.828085Z"}]}