Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/81087?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81087?format=api", "vulnerability_id": "VCID-b548-vbfs-xugq", "summary": "The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use (TOCTOU) attacks.\nSpring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or greater (Enterprise Support Only). Spring Cloud Config 4.2.x: affected from 4.2.0 through 4.2.6 (inclusive); upgrade to 4.2.7 or greater (Enterprise Support Only). Spring Cloud Config 4.3.x: affected from 4.3.0 through 4.3.2 (inclusive); upgrade to 4.3.3 or greater. Spring Cloud Config 5.0.x: affected from 5.0.0 through 5.0.2 (inclusive); upgrade to 5.0.3 or greater.", "aliases": [ { "alias": "CVE-2026-41002" }, { "alias": "GHSA-86wq-234q-r6wg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1060922?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4rv4-nm53-bya6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/375835?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.3.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.3.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/375836?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@5.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@5.0.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1060911?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060912?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060913?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060914?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060915?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060916?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060917?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060918?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060919?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060920?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060921?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-4rv4-nm53-bya6" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/1087174?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@3.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060923?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060924?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060925?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060926?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060927?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060928?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060929?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060930?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-4rv4-nm53-bya6" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/1087175?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060931?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-4rv4-nm53-bya6" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060932?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060933?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060934?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060935?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-4rv4-nm53-bya6" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1087177?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060936?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-4rv4-nm53-bya6" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060937?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/375276?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@4.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060938?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@5.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060939?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@5.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@5.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/375277?format=api", "purl": "pkg:maven/org.springframework.cloud/spring-cloud-config-server@5.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1vzp-x3f4-aqay" }, { "vulnerability": "VCID-b548-vbfs-xugq" }, { "vulnerability": "VCID-je53-ksaj-sqch" }, { "vulnerability": "VCID-zjpq-btz8-rkan" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.cloud/spring-cloud-config-server@5.0.2" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41002", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01995", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01983", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01987", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.01986", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41002" }, { "reference_url": "https://github.com/spring-cloud/spring-cloud-config", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/spring-cloud/spring-cloud-config" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41002" }, { "reference_url": "https://spring.io/security/cve-2026-41002", "reference_id": "cve-2026-41002", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N" }, { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-07T12:56:52Z/" } ], "url": "https://spring.io/security/cve-2026-41002" }, { "reference_url": "https://github.com/advisories/GHSA-86wq-234q-r6wg", "reference_id": "GHSA-86wq-234q-r6wg", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-86wq-234q-r6wg" } ], "weaknesses": [ { "cwe_id": 367, "name": "Time-of-check Time-of-use (TOCTOU) Race Condition", "description": "The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b548-vbfs-xugq" }