{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-22739/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["cve-2026-22739","path-traversal","spring-cloud"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eCVE-2026-22739 describes a path traversal vulnerability affecting Spring Cloud Config Server. The vulnerability arises when the Config Server is configured with the native file system backend and processes a request containing a profile parameter. An attacker can manipulate this parameter to access files outside the intended search directories. This issue impacts Spring Cloud versions 3.1.x before 3.1.13, 4.1.x before 4.1.9, 4.2.x before 4.2.3, 4.3.x before 4.3.2, and 5.0.x before 5.0.2. This…\u003c/p\u003e\n","date_modified":"2026-03-24T01:17:00Z","date_published":"2026-03-24T01:17:00Z","id":"/briefs/2026-03-spring-cloud-path-traversal/","summary":"A path traversal vulnerability exists in Spring Cloud Config Server versions 3.1.x before 3.1.13, 4.1.x before 4.1.9, 4.2.x before 4.2.3, 4.3.x before 4.3.2, and 5.0.x before 5.0.2, allowing unauthenticated remote attackers to access files outside configured search directories when using the native file system backend.","title":"Spring Cloud Config Server Path Traversal Vulnerability (CVE-2026-22739)","url":"https://feed.craftedsignal.io/briefs/2026-03-spring-cloud-path-traversal/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-22739","version":"https://jsonfeed.org/version/1.1"}