← voltar
CVE-2026-47825

Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations

CVSS 8.6 HIGHEPSS 0.1%CWE-346
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x (fix 3.1.13). Spring Cloud Gateway 4.1.x (fix 4.1.13). Spring Cloud Gateway 4.2.x (fix 4.2.9). Spring Cloud Gateway 4.3.x (fix 4.3.5). Spring Cloud Gateway 5.0.x (fix 5.0.2).
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Produtos afetados
Spring · Spring Cloud Gateway

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://spring.io/security/cve-2026-47825