Spring Cloud Gateway
This hub aggregates every CVE we track for Spring Cloud Gateway, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 7
- Critical: 2
- High: 3
- In CISA KEV: 1
Severity distribution
HIGH: 3, MEDIUM: 2, CRITICAL: 2
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 7 most recently published vulnerabilities affecting Spring Cloud Gateway.
- CVE-2026-47825: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations (score: 8.6)
- CVE-2026-22750: SSL bundle configuration silently bypassed in Spring Cloud Gateway (score: 7.5)
- CVE-2025-41243: Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux (score: 10.0)
- CVE-2025-41235: Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies (score: 8.6)
- CVE-2022-22946: In spring cloud gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManag... (score: 5.5)
- CVE-2022-22947: In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+, applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote a... (KEV, score: 10.0)
- CVE-2021-22051: Applications using Spring Cloud Gateway are vulnerable to specifically crafted requests that could make an extra request on downstream services. Users of affected versions should apply the followin... (score: 6.5)
Product normalization is registry-driven with AI assist and human review.