Spring Cloud Config Directory Traversal Vulnerability in Config Server Module

Vulnerability

A directory traversal vulnerability has been identified in the Spring Cloud Config Server module, allowing attackers to access arbitrary text and binary files. This issue affects Spring Cloud Config versions 3.1.0 through 3.1.13, 4.1.0 through 4.1.9, 4.2.0 through 4.2.6, 4.3.0 through 4.3.2, and 5.0.0 through 5.0.2. Older, unsupported versions are also affected.

Impact

Exploiting this vulnerability lets an attacker traverse directories and access files outside the intended directory.

Remediation

Users should upgrade to Spring Cloud Config version 3.1.14, 4.1.10, 4.2.7, 4.3.3, or 5.0.3, depending on their current version. Versions 4.3.3 and 5.0.3 are available as open source, while the other versions listed are available to enterprise support customers only.
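
To find deployments that still need the upgrade, the version ranges above can be checked against the jars actually shipped. The following is an added example, not code from this advisory or from the Spring project; it assumes the module ships as `spring-cloud-config-server-<version>.jar`, treats any release line below 5.0 that the advisory does not list as an older unsupported one, and uses constructed sample paths.

```python
import re

# Fixed release per line (Remediation section); True = fix available as open source.
FIXED = {
    (3, 1): ((3, 1, 14), False),
    (4, 1): ((4, 1, 10), False),
    (4, 2): ((4, 2, 7), False),
    (4, 3): ((4, 3, 3), True),
    (5, 0): ((5, 0, 3), True),
}
# Config Server jar only; a suffix such as .RELEASE or -SNAPSHOT is captured.
JAR_RE = re.compile(
    r"spring-cloud-config-server-(\d+)\.(\d+)\.(\d+)([.-][A-Za-z0-9]+)?\.jar$")

def classify(version, prerelease=False):
    """Return (status, upgrade_to, open_source) for a (major, minor, patch) tuple."""
    line = version[:2]
    if line in FIXED:
        fixed, oss = FIXED[line]
        # A pre-release build of the fixed version is not counted as fixed.
        if version > fixed or (version == fixed and not prerelease):
            return ("fixed", None, None)
        return ("affected", ".".join(map(str, fixed)), oss)
    if line < max(FIXED):
        # Assumption: a line the advisory does not list is an older, unsupported one.
        return ("affected_unsupported", None, None)
    return ("not_listed", None, None)

def audit(paths):
    """Classify every Config Server jar named in a list of file paths."""
    findings = []
    for path in paths:
        m = JAR_RE.search(path)
        if m:
            version = tuple(int(g) for g in m.groups()[:3])
            prerelease = m.group(4) not in (None, ".RELEASE")
            findings.append((path, *classify(version, prerelease)))
    return findings

# Constructed sample paths, as they might appear in unpacked Spring Boot apps.
SAMPLE = [
    "app-a/BOOT-INF/lib/spring-cloud-config-server-4.1.3.jar",
    "app-b/BOOT-INF/lib/spring-cloud-config-server-4.3.3.jar",
    "app-c/BOOT-INF/lib/spring-cloud-config-server-2.2.8.RELEASE.jar",
    "app-d/BOOT-INF/lib/spring-cloud-config-server-5.0.3-SNAPSHOT.jar",
    "app-e/BOOT-INF/lib/spring-cloud-config-client-4.1.3.jar",
]
if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A result of `affected_unsupported` means the advisory names no fixed release in that line, so the remediation is a move to one of the fixed versions listed above.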

Added: May 7, 2026, 4:42 AM
Updated: May 7, 2026, 4:42 AM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 2.5
exploitability: 7.0
remediation: 7.7
relevance: 7.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.