What is CVE-2026-22739?

CVE-2026-22739 is a high-severity vulnerability in Spring Cloud. CVSS score: 8.6/10. Published 2026-03-24.

How severe is CVE-2026-22739?

High severity. CVSS v3 base score is 8.6 out of 10.

Vulnerability in Spring Cloud

CVE-2026-22739

Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configure…

EPSS: 0.097 (93.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.6 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L.

Affected products

Spring Cloud — versions 3.1.x, 4.1.x, 4.2.x

References

spring.io/security/cve-2026-22739

Frequently asked questions

What is CVE-2026-22739?: CVE-2026-22739 is a high-severity vulnerability in Spring Cloud. CVSS score: 8.6/10. Published 2026-03-24.
How severe is CVE-2026-22739?: High severity. CVSS v3 base score is 8.6 out of 10.