Spring Cloud Gateway SSL Bundle Configuration Bypass Vulnerability

Vulnerability

A vulnerability exists in Spring Cloud Gateway 4.2.0, where the SSL bundle configuration specified by the 'spring.ssl.bundle' property is ignored and the standard (default) SSL settings are applied instead. The 4.2.x branch is no longer supported, so users are encouraged to upgrade to version 5.0.2 or 5.1.1, the current supported releases.

Impact

This vulnerability could lead to improper SSL configuration, potentially allowing for man-in-the-middle attacks or other security issues related to SSL/TLS.

Remediation

Users should upgrade to Spring Cloud Gateway version 4.2.1 or any newer release. For those not using an enterprise version, upgrading to 5.0.2 or 5.1.1 is recommended.
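As an added illustration (not taken from the advisory or from the Spring project), this is the configuration shape the issue concerns: a named bundle registered under spring.ssl.bundle and referenced by the gateway's outbound HTTP client. The spring.ssl.bundle.pem.* keys are Spring Boot's bundle properties; the bundle name, the file paths and the gateway-side reference key spring.cloud.gateway.httpclient.ssl.ssl-bundle are assumptions made for this example.

```yaml
spring:
  ssl:
    bundle:
      pem:
        upstream:                                  # bundle name: constructed example
          truststore:
            certificate: "classpath:upstream-ca.pem"        # assumed path: CA that signs upstream certs
          keystore:
            certificate: "classpath:gateway-client.pem"     # assumed path: client cert for mTLS to upstreams
            private-key: "classpath:gateway-client-key.pem" # assumed path
  cloud:
    gateway:
      httpclient:
        ssl:
          ssl-bundle: upstream                     # assumed key: binds the outbound client to the bundle above
```

On an affected 4.2.0 build the advisory states that the bundle is ignored and the default SSL settings take effect, so the truststore and client certificate above would silently not be used. A simple post-upgrade check is to route through an upstream whose certificate is trusted only by the bundle's truststore (or that requires the bundle's client certificate): with the bundle honoured the route succeeds, with the defaults in force the TLS handshake fails, which makes a regression visible.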

Added: Apr 10, 2026, 10:37 AM
Updated: Apr 10, 2026, 10:37 AM

Vulnerability Rating (Custom Algorithm)

spread          2.6
impact          0.6
exploitability  7.0
remediation     7.7
relevance       5.6
threat          0.0
urgency         2.9
incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.