PatchSiren cyber security CVE debrief
CVE-2026-41708 Spring CVE debrief
CVE-2026-41708 is a HIGH severity vulnerability in Spring Cloud Sleuth, with a CVSS score of 7.5. The vulnerability allows a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is not disabled. Affected versions include Spring Cloud Sleuth 3.1.0 through 3.1.13.
- Vendor: Spring
- Product: Spring Cloud Sleuth
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of Spring Cloud Sleuth 3.1.0 through 3.1.13
Technical summary
In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is not disabled.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to a non-vulnerable version of Spring Cloud Sleuth
- Disable Spring TX instrumentation if not required
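A check for the affected range stated on this page, as an added example (not code from the advisory or the Spring project): it scans `mvn dependency:tree` output for the artifact named above and compares versions numerically, so 3.1.13 is not misordered against 3.1.9 as it would be in a string comparison. The function names and the sample tree are constructed for illustration.

```python
import re

# Coordinates and version range as stated on this page.
ARTIFACT = "org.springframework.cloud:spring-cloud-sleuth-instrumentation"
AFFECTED_MIN = (3, 1, 0)
AFFECTED_MAX = (3, 1, 13)

# Constructed sample of `mvn dependency:tree` output for two modules.
SAMPLE_TREE = r"""
[INFO] com.example:orders-service:jar:1.0.0
[INFO] +- org.springframework.cloud:spring-cloud-starter-sleuth:jar:3.1.13:compile
[INFO] |  \- org.springframework.cloud:spring-cloud-sleuth-instrumentation:jar:3.1.13:compile
[INFO] com.example:legacy-batch:jar:1.0.0
[INFO] \- org.springframework.cloud:spring-cloud-sleuth-instrumentation:jar:3.0.6:compile
"""

def parse_version(text):
    """Return (major, minor, patch) from the leading digits, or None."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None

def find_affected(tree_output):
    """Return [(version, status)] for every occurrence of ARTIFACT."""
    findings = []
    for line in tree_output.splitlines():
        m = re.search(re.escape(ARTIFACT) + r":\S+", line)
        if not m:
            continue
        # group:artifact:type[:classifier]:version[:scope]
        parts = m.group(0).split(":")
        version = parts[-2] if len(parts) >= 5 else parts[-1]
        parsed = parse_version(version)
        if parsed is None:
            status = "unknown"          # needs manual review
        elif AFFECTED_MIN <= parsed <= AFFECTED_MAX:
            status = "affected"         # inside the range this page lists
        else:
            status = "outside-range"    # not in the listed range
        findings.append((version, status))
    return findings

if __name__ == "__main__":
    for version, status in find_affected(SAMPLE_TREE):
        print(f"{ARTIFACT}:{version} -> {status}")
```

A result of `outside-range` only means the version is not in the range this page lists; a result of `affected` still depends on Spring TX instrumentation being enabled.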
Evidence notes
The CVE record was published on 2026-06-15T20:16:27.940Z and has not been modified since.
Official resources
- CVE-2026-41708 CVE record (CVE.org)
- CVE-2026-41708 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference
CVE-2026-41708 was published on 2026-06-15T20:16:27.940Z.