CVE-2026-40981

HIGH EPSS 29.8%

Published May 7, 20261mo ago · Modified Jun 17, 20261w ago

7.5 CVSS 3.1

High

Published May 7, 2026 1mo ago

Last Modified Jun 17, 2026 1w ago

Description

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or greater (Enterprise Support Only). Spring Cloud Config 4.2.x: affected from 4.2.0 through 4.2.6 (inclusive); upgrade to 4.2.7 or greater (Enterprise Support Only). Spring Cloud Config 4.3.x: affected from 4.3.0 through 4.3.2 (inclusive); upgrade to 4.3.3 or greater. Spring Cloud Config 5.0.x: affected from 5.0.0 through 5.0.2 (inclusive); upgrade to 5.0.3 or greater.

CVSS Details

Base Score

7.5

Exploitability

3.9

Impact

3.6

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity None

Availability None

Threat Intelligence

EPSS Exploit Probability

29.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-639

Affected Products 5

Vendor	Product	Version	Range
vmware	spring_cloud_config	*	≥3.1.0 – <3.1.14
vmware	spring_cloud_config	*	≥4.1.0 – <4.1.10
vmware	spring_cloud_config	*	≥4.2.0 – <4.2.7
vmware	spring_cloud_config	*	≥4.3.0 – <4.3.3
vmware	spring_cloud_config	*	≥5.0.0 – <5.0.3

References 1

spring.io https://spring.io/security/cve-2026-40981

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.