PatchSiren cyber security CVE debrief
CVE-2026-47825 Spring CVE debrief
CVE-2026-47825 is a high-severity vulnerability affecting Spring Cloud Gateway Server. The vulnerability allows for header injection attacks due to the forwarding of X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both WebMVC and WebFlux Gateway Servers. The affected versions are Spring Cloud Gateway 3.1.x (fix 3.1.13), 4.1.x (fix 4.1.13), 4.2.x (fix 4.2.9), 4.3.x (fix 4.3.5), and 5.0.x (fix 5.0.2). The CVSS score for this vulnerability is 8.6, indicating a high severity.
- Vendor
- Spring
- Product
- Spring Cloud Gateway
- CVSS
- HIGH 8.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-16
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-16
Who should care
Users of Spring Cloud Gateway Server, particularly those using affected versions, should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability arises from the improper handling of X-Forwarded-For and Forwarded headers in Spring Cloud Gateway Server. When certain configurations are used, the server forwards these headers from untrusted proxies, potentially leading to header injection attacks.
Defensive priority
High
Recommended defensive actions
- Upgrade to a fixed version of Spring Cloud Gateway Server: 3.1.13, 4.1.13, 4.2.9, 4.3.5, or 5.0.2.
- Review and adjust configuration scenarios to prevent forwarding of X-Forwarded-For and Forwarded headers from untrusted proxies.
Evidence notes
The CVE record and NVD detail provide official information on the vulnerability. Additional details can be found in the source reference.
Official resources
-
CVE-2026-47825 CVE record
CVE.org
-
CVE-2026-47825 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-47825 was published on 2026-06-15T21:17:13.650Z and has not been modified since.