Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Spring Cloud Gateway External Control of System or Configuration Setting Vulnerability - CVE-2026-22750 - Vulnerability Database
Spring Cloud Gateway

Spring Cloud Gateway External Control of System or Configuration Setting Vulnerability - CVE-2026-22750

High
Reference: CVE-2026-22750
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-22750
Title: Spring Cloud Gateway External Control of System or Configuration Setting Vulnerability
Overview:

When configuring SSL bundles in Spring Cloud Gateway by using the configuration propertyspring.ssl.bundle the configuration was silently ignored and the default SSL configuration was used instead. Note: The4.2.xbranch is no longer under open source support. If you are using Spring Cloud Gateway4.2.0and are not an enterprise customer you can upgrade to any Spring Cloud Gateway4.2.xrelease newer than4.2.0 available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer you should be upgrading to5.0.2or5.1.1which are the current supported open source releases.