A significant security flaw has been identified in Spring Cloud Config, a popular framework used to provide server and client-side support for externalized configuration in distributed systems. The vulnerability, tracked as CVE-2026-22739, carries a high-severity CVSS score of 8.6 and could allow attackers to step outside intended security boundaries to access sensitive local files or launch server-side attacks.
The issue centers on how the "profile" parameter from a client request is substituted into the backend location the server reads configuration from, which opens two distinct attack vectors.
Spring Cloud Config Server lets developers manage configuration across environments (such as "development" or "production") using profiles, and the configured backend location can contain a `{profile}` placeholder that is filled in per request. Researchers found that this parameter was not adequately constrained before substitution:
- Unintended file access: when the server uses the native file-system backend, an attacker can supply a profile value that causes the server to "access files outside of the configured search directories". This is a directory traversal that could expose system-level secrets or configuration data never meant to be served.
- SSRF attacks: when the server uses a source-control backend, the profile value is substituted into the URL that points to the repository. An attacker-controlled value can therefore redirect the server's outbound request, a Server-Side Request Forgery (SSRF), to internal or external systems of the attacker's choosing.
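To make the mechanism concrete, the following Python is an added example written for this article; it is not code from the Spring Cloud Config project, the advisory, or the researchers. It models the placeholder substitution Spring Cloud Config documents for a native `searchLocations` entry and a git `uri`, and shows the two checks a server should apply before substituting a request-supplied profile: an allowlist on the profile token, and a containment check that the substituted path or URI still lies under the configured location and does not change the scheme or host. The search location, repository URL and profile values are constructed for the example.

```python
import posixpath
import re
from typing import Optional
from urllib.parse import urlsplit

# Example templates in the style of Spring Cloud Config's documented placeholder
# syntax. The directory and host below are constructed for this example.
NATIVE_SEARCH_LOCATION = "file:///opt/config/{profile}"
GIT_URI = "https://git.example.com/org/config-{profile}.git"

# Assumed allowlist for profile names (plain tokens such as "dev" or "us-east-1").
# This is a hardening choice made for the example, not a rule Spring enforces.
PROFILE_TOKEN = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")


def profile_is_wellformed(profile: str) -> bool:
    """Reject empty names and anything carrying path or URL metacharacters."""
    return PROFILE_TOKEN.match(profile) is not None


def _prefix_before_placeholder(template: str) -> str:
    return template.split("{profile}", 1)[0]


def _stays_under(base_dir: str, candidate: str) -> bool:
    """True if the normalized candidate path equals base_dir or lies beneath it."""
    base_dir = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(candidate)
    return candidate == base_dir or candidate.startswith(base_dir.rstrip("/") + "/")


def resolve_native_location(template: str, profile: str) -> Optional[str]:
    """Substitute {profile} into a native (file system) search location.

    Returns the resolved directory, or None when the result would escape the
    directory containing the placeholder (the traversal case in the advisory).
    """
    path_template = template[len("file://"):] if template.startswith("file://") else template
    base_dir = posixpath.dirname(_prefix_before_placeholder(path_template))
    candidate = path_template.replace("{profile}", profile)
    if not _stays_under(base_dir, candidate):
        return None
    return posixpath.normpath(candidate)


def resolve_git_uri(template: str, profile: str) -> Optional[str]:
    """Substitute {profile} into a source-control URI.

    Returns the substituted URI, or None when the profile changes the scheme,
    host or port, introduces a query or fragment, or walks out of the
    repository path prefix (the SSRF case in the advisory).
    """
    reference = urlsplit(template.replace("{profile}", "placeholder"))
    actual = urlsplit(template.replace("{profile}", profile))
    if (actual.scheme, actual.netloc) != (reference.scheme, reference.netloc):
        return None
    if actual.query or actual.fragment:
        return None
    base_dir = posixpath.dirname(urlsplit(_prefix_before_placeholder(template)).path)
    if not _stays_under(base_dir, actual.path):
        return None
    return template.replace("{profile}", profile)


def accept_profile(profile: str) -> dict:
    """Apply the allowlist first, then the per-backend containment checks."""
    if not profile_is_wellformed(profile):
        return {"accepted": False, "reason": "profile is not a plain token"}
    native = resolve_native_location(NATIVE_SEARCH_LOCATION, profile)
    git = resolve_git_uri(GIT_URI, profile)
    if native is None or git is None:
        return {"accepted": False, "reason": "substitution escaped the configured location"}
    return {"accepted": True, "native": native, "git": git}


if __name__ == "__main__":
    for candidate in ["prod", "../../etc", "prod?x=1", "x/../../../internal"]:
        print(repr(candidate), "->", accept_profile(candidate))
```

The allowlist runs first on purpose: the containment checks alone would still accept a value such as `../other` when the placeholder sits mid-segment (`config-../other.git` does not normalize to a parent directory), so the token check is what closes that gap. The containment checks remain useful as defence in depth if the allowlist is ever loosened.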
This vulnerability impacts a wide range of Spring Cloud Config versions, including several that are no longer officially supported.
The primary remediation for CVE-2026-22739 is to upgrade to a fixed version as soon as possible. Availability for these patches varies depending on your support tier:
| Affected version(s) | Fix version | Availability |
| --- | --- | --- |
| 5.0.x | 5.0.2 | OSS (open source) |
| 4.3.x | 4.3.2 | OSS (open source) |
| 4.2.x | 4.2.6 | Enterprise support only |
| 4.1.x | 4.1.9 | Enterprise support only |
| 3.1.x | 3.1.13 | Enterprise support only |
Older, unsupported versions receive no fix at all, so anyone still running them should migrate immediately to one of the patched branches above. Until the upgrade is in place, restricting which clients can reach the Config Server is the most practical stopgap, since the attack is driven entirely by the request's profile value.