VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-4rv4-nm53-bya6

Essentials
Severities (16)
References (8)
Severity details (14)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-4rv4-nm53-bya6
Aliases	CVE-2026-22739 GHSA-3qwq-q9vm-5j42
Summary	Vulnerability in Spring Cloud when substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, because it was possible to access files outside of the configured search directories.This issue affects Spring Cloud: from 3.1.X before 3.1.13, from 4.1.X before 4.1.9, from 4.2.X before 4.2.3, from 4.3.X before 4.3.2, from 5.0.X before 5.0.2.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.09681	https://api.first.org/data/v1/epss?cve=CVE-2026-22739
epss	0.09681	https://api.first.org/data/v1/epss?cve=CVE-2026-22739
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-3qwq-q9vm-5j42
cvssv3.1	8.6	https://github.com/spring-cloud/spring-cloud-config
generic_textual	HIGH	https://github.com/spring-cloud/spring-cloud-config
cvssv3.1	8.6	https://github.com/spring-cloud/spring-cloud-config/commit/1870f07befd5f62edcfdaea5ad82441d0fd49912
generic_textual	HIGH	https://github.com/spring-cloud/spring-cloud-config/commit/1870f07befd5f62edcfdaea5ad82441d0fd49912
cvssv3.1	8.6	https://github.com/spring-cloud/spring-cloud-config/releases/tag/v4.3.2
generic_textual	HIGH	https://github.com/spring-cloud/spring-cloud-config/releases/tag/v4.3.2
cvssv3.1	8.6	https://github.com/spring-cloud/spring-cloud-config/releases/tag/v5.0.2
generic_textual	HIGH	https://github.com/spring-cloud/spring-cloud-config/releases/tag/v5.0.2
cvssv3.1	8.6	https://nvd.nist.gov/vuln/detail/CVE-2026-22739
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2026-22739
cvssv3.1	8.6	https://spring.io/security/cve-2026-22739
generic_textual	HIGH	https://spring.io/security/cve-2026-22739
ssvc	Track	https://spring.io/security/cve-2026-22739

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2026-22739
		https://github.com/spring-cloud/spring-cloud-config
		https://github.com/spring-cloud/spring-cloud-config/commit/1870f07befd5f62edcfdaea5ad82441d0fd49912
		https://github.com/spring-cloud/spring-cloud-config/releases/tag/v4.3.2
		https://github.com/spring-cloud/spring-cloud-config/releases/tag/v5.0.2
		https://nvd.nist.gov/vuln/detail/CVE-2026-22739
cve-2026-22739		https://spring.io/security/cve-2026-22739
GHSA-3qwq-q9vm-5j42		https://github.com/advisories/GHSA-3qwq-q9vm-5j42

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://github.com/spring-cloud/spring-cloud-config

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://github.com/spring-cloud/spring-cloud-config/commit/1870f07befd5f62edcfdaea5ad82441d0fd49912

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://github.com/spring-cloud/spring-cloud-config/releases/tag/v4.3.2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://github.com/spring-cloud/spring-cloud-config/releases/tag/v5.0.2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2026-22739

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://spring.io/security/cve-2026-22739

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-24T14:40:20Z/ Found at https://spring.io/security/cve-2026-22739

Exploit Prediction Scoring System (EPSS)

Percentile	0.93089
EPSS Score	0.09681
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T16:53:01.475961+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2026/22xxx/CVE-2026-22739.json	38.6.0