https://feed.craftedsignal.io/tags/spring-cloud/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 24 Mar 2026 01:17:00 +0000https://feed.craftedsignal.io/briefs/2026-03-spring-cloud-path-traversal/Tue, 24 Mar 2026 01:17:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-spring-cloud-path-traversal/A path traversal vulnerability exists in Spring Cloud Config Server versions 3.1.x before 3.1.13, 4.1.x before 4.1.9, 4.2.x before 4.2.3, 4.3.x before 4.3.2, and 5.0.x before 5.0.2, allowing unauthenticated remote attackers to access files outside configured search directories when using the native file system backend.<p>CVE-2026-22739 describes a path traversal vulnerability affecting Spring Cloud Config Server. The vulnerability arises when the Config Server is configured with the native file system backend and processes a request containing a profile parameter. An attacker can manipulate this parameter to access files outside the intended search directories. This issue impacts Spring Cloud versions 3.1.x before 3.1.13, 4.1.x before 4.1.9, 4.2.x before 4.2.3, 4.3.x before 4.3.2, and 5.0.x before 5.0.2. This…</p> highadvisorycve-2026-22739path-traversalspring-cloud