PatchSiren cyber security CVE debrief
CVE-2026-22750 VMware CVE debrief
CVE-2026-22750 was published on [2026-04-10](https://www.cve.org/CVERecord?id=CVE-2026-22750) with a CVSS score of 7.5 and HIGH severity. The vulnerability affects Spring Cloud Gateway, specifically when SSL bundles are configured using the configuration property `spring.ssl.bundle`. The configuration was silently ignored, and the default SSL configuration was used instead. The CVE was modified on [2026-06-05](https://nvd.nist.gov/vuln/detail/CVE-2026-22750).
- Vendor: VMware
- Product: Spring Cloud Gateway
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-10
- Original CVE updated: 2026-06-05
- Advisory published: 2026-04-10
- Advisory updated: 2026-06-05
Who should care
Users of Spring Cloud Gateway, especially those using version 4.2.0, should be aware of this issue. If you're not an enterprise customer, consider upgrading to a supported open-source release, such as 5.0.2 or 5.1.1.
Technical summary
The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, indicating a high impact on integrity. It's classified under CWE-15.
Defensive priority
HIGH
Recommended defensive actions
- Upgrade to a supported version of Spring Cloud Gateway (5.0.2 or 5.1.1) if you're not an enterprise customer.
- For enterprise customers or those unable to upgrade, review and adjust your SSL bundle configurations accordingly.
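As a starting point for that review, the following added example (not code from the vendor or from this page's sources) lists the SSL bundles a flat `.properties` file declares under `spring.ssl.bundle` and compares a gateway version against the fixed releases named above. The sample file, the function names, and the rule that any version below those releases needs review are assumptions; YAML configuration is not handled.

```python
import re

# Fixed releases named in this debrief, keyed by release line.
FIXED = {(5, 0): (5, 0, 2), (5, 1): (5, 1, 1)}

# Constructed sample input (not from a real deployment).
SAMPLE_PROPERTIES = """\
# gateway TLS settings
spring.application.name=edge-gateway
spring.ssl.bundle.jks.backend.truststore.location=classpath:backend-trust.p12
spring.ssl.bundle.jks.backend.truststore.password=${TRUST_PW}
spring.ssl.bundle.pem.partner.truststore.certificate: classpath:partner-ca.crt
server.port=8443
"""

BUNDLE_KEY = re.compile(r"^spring\.ssl\.bundle\.(jks|pem)\.([^.]+)\.")

def parse_version(text):
    """'4.2.0' or '5.1.1-SNAPSHOT' -> (4, 2, 0) / (5, 1, 1)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_fixed(version):
    """Assumption: fixed means at or above the named release on its own
    release line, or on any release line later than 5.1."""
    v = parse_version(version)
    floor = FIXED.get(v[:2])
    return v >= floor if floor else v[:2] > (5, 1)

def declared_bundles(properties_text):
    """Return sorted (type, name) pairs for every spring.ssl.bundle.* key."""
    found = set()
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or comment
            continue
        key = re.split(r"\s*[=:]\s*|\s+", line, maxsplit=1)[0]
        m = BUNDLE_KEY.match(key)
        if m:
            found.add((m.group(1), m.group(2)))
    return sorted(found)

def triage(version, properties_text):
    """'review' = bundles are declared and the version is not a fixed one."""
    bundles = declared_bundles(properties_text)
    if not bundles:
        return "no-bundles", bundles
    return ("ok" if is_fixed(version) else "review"), bundles

if __name__ == "__main__":
    print(triage("4.2.0", SAMPLE_PROPERTIES))
```

A `review` result means the deployment declares bundles on a version that is not one of the releases this page names as fixed; it does not confirm that the deployment is affected.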
Evidence notes
Evidence from NVD and CVE.org confirms the vulnerability details and affected versions.
Official resources
- CVE-2026-22750 CVE record: CVE.org
- CVE-2026-22750 NVD detail: NVD
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Vendor Advisory
CVE-2026-22750 was disclosed on April 10, 2026, and last modified on June 5, 2026.