SSL Configuration Vulnerability in Spring Cloud Gateway by Spring
CVE-2026-22750

7.5 HIGH

Key Information:

Vendor: VMware
CVE Published: 10 April 2026

What is CVE-2026-22750?

A configuration oversight in Spring Cloud Gateway lets users specify SSL bundles through the 'spring.ssl.bundle' property, but the gateway ignores the setting and applies the default SSL configuration instead. Applications that depend on a specific SSL configuration are therefore exposed to potential security risks. Users on unsupported branches, particularly those running Spring Cloud Gateway version 4.2.0, should promptly upgrade to a supported version such as 5.0.2 or 5.1.1 to mitigate this oversight.

Affected Version(s)

Spring Cloud Gateway 4.2.0 < 4.2.1

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
