Micrometer Denial-of-Service Vulnerability in HTTP Server Instrumentations

Vulnerability

A denial-of-service vulnerability has been identified in Micrometer's HTTP server instrumentations. Specially crafted HTTP requests sent to an affected application can lead to a DoS condition. The issue arises in applications that use vulnerable versions of 'micrometer-core', 'micrometer-jetty11', or 'micrometer-jetty12', when the HTTP server instrumentations from these artifacts are active and metrics are being recorded.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition, disrupting the normal operation of the affected application by overwhelming the server or causing it to become unresponsive.

Remediation

Users should upgrade to Micrometer versions 1.16.6, 1.15.12, 1.14.16 (Enterprise Support Only), 1.13.19 (Enterprise Support Only) or 1.9.18 (Enterprise Support Only).
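
One way to check a build against the fixed releases above, as an added example that is not code from Micrometer or from this advisory. It assumes the `io.micrometer` group id, judges each version only against the fixed release of its own minor line, and reports lines the advisory does not list as "unlisted"; the dependency output is constructed sample data.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) release line.
FIXED = {(1, 16): (1, 16, 6), (1, 15): (1, 15, 12), (1, 14): (1, 14, 16),
         (1, 13): (1, 13, 19), (1, 9): (1, 9, 18)}
ARTIFACTS = {"micrometer-core", "micrometer-jetty11", "micrometer-jetty12"}

# Maven prints group:artifact:jar:version:scope, Gradle prints group:artifact:version.
# The io.micrometer group id is an assumption; the advisory names only the artifacts.
COORD = re.compile(r"io\.micrometer:(?P<artifact>[\w.-]+):(?:jar:)?"
                   r"(?P<version>\d+\.\d+\.\d+)(?P<suffix>[\w.-]*)")
# Gradle shows "requested -> resolved" when resolution changes the version.
RESOLVED = re.compile(r"->\s*(?P<version>\d+\.\d+\.\d+)(?P<suffix>[\w.-]*)")

def classify(version, suffix=""):
    """Return 'patched', 'upgrade' or 'unlisted' for one resolved version."""
    parts = tuple(int(p) for p in version.split("."))
    fixed = FIXED.get(parts[:2])
    if fixed is None:
        return "unlisted"  # the advisory lists no fixed release for this line
    # A snapshot or pre-release of the fixed version itself predates the fix release.
    if parts > fixed or (parts == fixed and not suffix):
        return "patched"
    return "upgrade"

def scan(dependency_output):
    """Return (artifact, version, status) for each affected artifact found."""
    findings = []
    for line in dependency_output.splitlines():
        m = COORD.search(line)
        if not m or m["artifact"] not in ARTIFACTS:
            continue
        chosen = RESOLVED.search(line, m.end()) or m
        findings.append((m["artifact"], chosen["version"] + chosen["suffix"],
                         classify(chosen["version"], chosen["suffix"])))
    return findings

# Constructed sample mixing Maven dependency:list and Gradle dependencies output.
SAMPLE = r"""
[INFO]    io.micrometer:micrometer-core:jar:1.15.3:compile
[INFO]    io.micrometer:micrometer-jetty12:jar:1.16.6:compile
[INFO]    io.micrometer:micrometer-observation:jar:1.15.3:compile
+--- io.micrometer:micrometer-core:1.14.2 -> 1.14.16
\--- io.micrometer:micrometer-jetty11:1.12.4
     io.micrometer:micrometer-core:1.16.6-RC1
"""

if __name__ == "__main__":
    for artifact, version, status in scan(SAMPLE):
        print(f"{artifact:20} {version:12} {status}")
```

An "unlisted" result means the advisory gives no fixed release for that line, not that the version is unaffected.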

Added: Jun 9, 2026, 6:41 AM
Updated: Jun 9, 2026, 6:41 AM

Vulnerability Rating

Custom Algorithm

spread: 7.6
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 9.3
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.