{
  "threat_severity" : "Important",
  "public_date" : "2026-05-07T03:49:30Z",
  "bugzilla" : {
    "description" : "Spring Cloud Config: spring-cloud-config-server: Spring Cloud Config: Directory traversal allows arbitrary file access",
    "id" : "2467619",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2467619"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.2",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-22",
  "details" : [ "Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user or attacker can send a request using a specially crafted URL that can lead to a directory traversal attack.\nSpring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or greater (Enterprise Support Only). Spring Cloud Config 4.2.x: affected from 4.2.0 through 4.2.6 (inclusive); upgrade to 4.2.7 or greater (Enterprise Support Only). Spring Cloud Config 4.3.x: affected from 4.3.0 through 4.3.2 (inclusive); upgrade to 4.3.3 or greater. Spring Cloud Config 5.0.x: affected from 5.0.0 through 5.0.2 (inclusive); upgrade to 5.0.3 or greater.", "A flaw was found in Spring Cloud Config. A remote attacker can exploit a directory traversal vulnerability by sending a specially crafted URL to the spring-cloud-config-server module. This allows the attacker to access arbitrary text and binary files on the system." ],
  "statement" : "Red Hat systems are configured by default to offer a degree of isolation for system services. Attackers who are able to exploit this flaw will have access that is limited to the scope of the service account under which the Spring server operates.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Affected",
    "package_name" : "log4j:2/log4j",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack",
    "fix_state" : "Not affected",
    "package_name" : "spring-cloud-config-server",
    "cpe" : "cpe:/a:redhat:jbosseapxp"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-40982\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-40982\nhttps://spring.io/security/cve-2026-40982" ],
  "name" : "CVE-2026-40982",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to a widespread installation base, or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}