{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22750", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2026-01-09T06:55:03.990Z", "datePublished": "2026-04-10T07:32:31.260Z", "dateUpdated": "2026-04-10T12:59:14.451Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-04-10T07:32:31.260Z"}, "title": "SSL bundle configuration silently bypassed in Spring Cloud Gateway", "datePublic": "2026-04-09T14:15:00.000Z", "affected": [{"vendor": "VMware", "product": "Spring Cloud Gateway", "packageName": "Spring Cloud Gateway", "versions": [{"status": "affected", "version": "4.2.0", "lessThan": "4.2.1", "versionType": "ENTERPRISE"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "When configuring SSL bundles in Spring Cloud Gateway by using the configuration property\u00a0spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead.\nNote: The\u00a04.2.x\u00a0branch is no longer under open source support. If you are using Spring Cloud Gateway\u00a04.2.0\u00a0and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway\u00a04.2.x\u00a0release newer than\u00a04.2.0\u00a0 available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to\u00a05.0.2\u00a0or\u00a05.1.1\u00a0which are the current supported open source releases.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "When configuring SSL bundles in Spring Cloud Gateway by using the configuration property&nbsp;<code>spring.ssl.bundle</code>, the configuration was silently ignored and the default SSL configuration was used instead.<br>Note: The&nbsp;<code>4.2.x</code>&nbsp;branch is no longer under open source support. If you are using Spring Cloud Gateway&nbsp;<code>4.2.0</code>&nbsp;and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway&nbsp;<code>4.2.x</code>&nbsp;release newer than&nbsp;<code>4.2.0</code>&nbsp;<a href=\"https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/\">available on Maven Centeral</a>. Ideally if you are not an enterprise customer, you should be upgrading to&nbsp;<code>5.0.2</code>&nbsp;or&nbsp;<code>5.1.1</code>&nbsp;which are the current supported open source releases."}]}], "references": [{"url": "https://spring.io/security/cve-2026-22750"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-15", "lang": "en", "description": "CWE-15 External Control of System or Configuration Setting"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-10T12:59:10.606788Z", "id": "CVE-2026-22750", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T12:59:14.451Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22750", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-10T12:59:10.606788Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-15", "description": "CWE-15 External Control of System or Configuration Setting"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-10T12:59:00.656Z"}}], "cna": {"title": "SSL bundle configuration silently bypassed in Spring Cloud Gateway", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "VMware", "product": "Spring Cloud Gateway", "versions": [{"status": "affected", "version": "4.2.0", "lessThan": "4.2.1", "versionType": "ENTERPRISE"}], "packageName": "Spring Cloud Gateway", "defaultStatus": "unaffected"}], "datePublic": "2026-04-09T14:15:00.000Z", "references": [{"url": "https://spring.io/security/cve-2026-22750"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "When configuring SSL bundles in Spring Cloud Gateway by using the configuration property\u00a0spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead.\nNote: The\u00a04.2.x\u00a0branch is no longer under open source support. If you are using Spring Cloud Gateway\u00a04.2.0\u00a0and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway\u00a04.2.x\u00a0release newer than\u00a04.2.0\u00a0 available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to\u00a05.0.2\u00a0or\u00a05.1.1\u00a0which are the current supported open source releases.", "supportingMedia": [{"type": "text/html", "value": "When configuring SSL bundles in Spring Cloud Gateway by using the configuration property&nbsp;<code>spring.ssl.bundle</code>, the configuration was silently ignored and the default SSL configuration was used instead.<br>Note: The&nbsp;<code>4.2.x</code>&nbsp;branch is no longer under open source support. If you are using Spring Cloud Gateway&nbsp;<code>4.2.0</code>&nbsp;and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway&nbsp;<code>4.2.x</code>&nbsp;release newer than&nbsp;<code>4.2.0</code>&nbsp;<a href=\"https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/\">available on Maven Centeral</a>. Ideally if you are not an enterprise customer, you should be upgrading to&nbsp;<code>5.0.2</code>&nbsp;or&nbsp;<code>5.1.1</code>&nbsp;which are the current supported open source releases.", "base64": false}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-04-10T07:32:31.260Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22750", "state": "PUBLISHED", "dateUpdated": "2026-04-10T12:59:14.451Z", "dateReserved": "2026-01-09T06:55:03.990Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2026-04-10T07:32:31.260Z", "assignerShortName": "vmware"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "When configuring SSL bundles in Spring Cloud Gateway by using the configuration property\u00a0spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead.\nNote: The\u00a04.2.x\u00a0branch is no longer under open source support. If you are using Spring Cloud Gateway\u00a04.2.0\u00a0and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway\u00a04.2.x\u00a0release newer than\u00a04.2.0\u00a0 available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to\u00a05.0.2\u00a0or\u00a05.1.1\u00a0which are the current supported open source releases."}], "id": "CVE-2026-22750", "lastModified": "2026-04-13T15:02:06.187", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2026-04-10T08:16:24.787", "references": [{"source": "security@vmware.com", "url": "https://spring.io/security/cve-2026-22750"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-15"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[4.2.0,4.2.1)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Spring Cloud Gateway", "source": "cna", "vendor": "VMware"}, "product": "spring_cloud_gateway", "vendor": "vmware"}], "analysis": {"en": {"generated_at": "2026-04-13T15:57:23.943177+00:00", "value": {"mitigation_remediation": ["Upgrade Spring Cloud Gateway to the latest supported release, preferably 5.0.2 or 5.1.1; or if staying on 4.2.x, upgrade to any 4.2.x release newer than 4.2.0 available on Maven Central.", "Verify that the spring.ssl.bundle property is correctly set and remains intact after deployment; confirm the TLS certificates in use match the intended bundle.", "Implement access controls on configuration files and directories to prevent unauthorized modifications; regularly audit configuration changes for integrity."], "summary": {"action": "Apply Patch", "impact": "SSL Configuration Bypass"}, "threat_synthesis": {"affected_systems": "VMware\u2019s Spring Cloud Gateway is affected. The issue targets the 4.2.0 release and any older 4.2.x versions that have not been updated in that branch. The 4.2.x branch no longer receives open\u2011source support. The current open\u2011source supported releases 5.0.2 and 5.1.1 are not affected.", "description_and_impact": "The vulnerability causes Spring Cloud Gateway to ignore the user\u2011supplied SSL bundle configured through spring.ssl.bundle and default to the platform\u2019s built\u2011in SSL settings. As a result, connections may be established with unintended certificates or weaker encryption, allowing attackers to eavesdrop, tamper with or downgrade secure traffic. The flaw reflects a configuration control weakness classified as CWE\u201115.", "risk_and_exploitability": "The advisory lists a CVSS score of 7.5, indicating a moderate\u2011to\u2011high severity. Its EPSS score is below 1% and it is not included in CISA's KEV catalog, implying a relatively low likelihood of known exploitation. The vulnerability can be leveraged by an attacker who can alter the gateway\u2019s deployment configuration\u2014for example, by compromising configuration files or the systems that inject them\u2014thereby triggering the fallback to default SSL. Restricting configuration access and verifying the applied bundle mitigate the risk."}}}}, "created": "2026-04-10T09:26:27.166364+00:00", "updated": "2026-04-14T16:36:35.554450+00:00", "vendors": ["vmware", "vmware$PRODUCT$spring_cloud_gateway"]}