CVE-2026-22750

CWE-153 documents3 sources
Severity
7.5HIGH
EPSS
0.0%
top 90.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Spring Cloud Gateway
Timeline
PublishedApr 10

Description

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0 available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/clou

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5vmware/spring_cloud_gateway4.2.04.2.1

🔴Vulnerability Details

2
CVEList
SSL bundle configuration silently bypassed in Spring Cloud Gateway2026-04-10
GHSA
Spring Cloud Gateway's SSL bundle configuration silently bypassed2026-04-10
CVE-2026-22750 (HIGH CVSS 7.5) | When configuring SSL bundles in Spr | cvebase.io