Spring Cloud Config Server Path Traversal Vulnerability (CVE-2026-22739)
A path traversal vulnerability exists in Spring Cloud Config Server versions 3.1.x before 3.1.13, 4.1.x before 4.1.9, 4.2.x before 4.2.3, 4.3.x before 4.3.2, and 5.0.x before 5.0.2, allowing unauthenticated remote attackers to access files outside configured search directories when using the native file system backend.
CVE-2026-22739 describes a path traversal vulnerability affecting Spring Cloud Config Server. The vulnerability arises when the Config Server is configured with the native file system backend and processes a request containing a profile parameter. An attacker can manipulate this parameter to access files outside the intended search directories. This issue impacts Spring Cloud versions 3.1.x before 3.1.13, 4.1.x before 4.1.9, 4.2.x before 4.2.3, 4.3.x before 4.3.2, and 5.0.x before 5.0.2. This…
Detection coverage (2 rules)
Detect Path Traversal in Spring Cloud Config Server Profile Parameter
Severity: high. Detects path traversal attempts in requests to Spring Cloud Config Server by looking for '../' sequences in the profile parameter.
Detect Path Traversal in Spring Cloud Config Server URL
Severity: high. Detects path traversal attempts in URL requests to Spring Cloud Config Server by looking for '../' sequences in the URL.
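The two detections above, sketched as an added example (not the platform's own rules, which this page does not show). It percent-decodes the request target before matching, which goes beyond the plain '../' match described, and it assumes the profile is the second path segment of /{application}/{profile}[/{label}]; the log lines are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# ".." as a whole path component, with either slash style
TRAVERSAL = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(target):
    """Return 'profile', 'url' or None for one raw request target."""
    path = urlsplit(target).path
    # Split before decoding so an encoded slash stays inside its segment.
    segments = path.split("/")[1:]
    # Assumption: /{application}/{profile}[/{label}], profile = 2nd segment.
    if len(segments) >= 2 and TRAVERSAL.search(decode_fully(segments[1])):
        return "profile"
    if TRAVERSAL.search(decode_fully(path)):
        return "url"
    return None

def scan(lines):
    """Return (line_number, rule, target) for each suspicious access-log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            rule = classify(match.group(1))
            if rule:
                hits.append((number, rule, match.group(1)))
    return hits

# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /orders/prod/main HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2026:10:00:05 +0000] "GET /orders/..%2F..%2Fx/main HTTP/1.1" 200 90',
    '192.0.2.11 - - [01/Jan/2026:10:00:06 +0000] "GET /orders/%252e%252e%252fx/main HTTP/1.1" 404 0',
    '192.0.2.12 - - [01/Jan/2026:10:00:09 +0000] "GET /orders/dev/..%2f..%2fx HTTP/1.1" 404 0',
    '192.0.2.13 - - [01/Jan/2026:10:00:12 +0000] "GET /orders/v1..2/main HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The last sample line shows why the match is anchored to whole path components: a profile name that merely contains two dots is not flagged.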
Indicators of compromise: 1 (url)