Denial-of-Service Vulnerability in Spring Cloud Sleuth by Spring
CVE-2026-41708

7.5HIGH

Key Information:

Vendor: Spring
Status: Spring Cloud Sleuth
Vendor: CVE Published:; 15 June 2026

What is CVE-2026-41708?

A denial-of-service vulnerability exists in Spring Cloud Sleuth, allowing an attacker to exploit specifically crafted requests that can lead to service interruptions. This issue is present in versions 3.1.0 to 3.1.13, particularly when the application utilizes vulnerable Spring TX instrumentation components. Organizations using these versions must ensure appropriate mitigations are in place to avert potential disruptions in service.

Affected Version(s)

Spring Cloud Sleuth 3.1.0 < 3.1.14

References

https://spring.io/security/cve-2026-41708

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2026
Vulnerability Reserved
Apr 22, 2026

CVE-2026-41708 Data

JSON