#VU125720 Configuration in Spring Cloud Gateway - CVE-2026-22750

 


Published: April 9, 2026


Vulnerability identifier: #VU125720
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-22750
CWE-ID: CWE-16
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Spring Cloud Gateway
Software vendor: VMware, Inc

Description

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to improper security configuration in the handling of SSL bundles when processing the spring.ssl.bundle configuration property. A remote attacker can exploit the use of the default SSL configuration to disclose sensitive information.

The configured SSL bundle is silently ignored and the default SSL configuration is used instead.


Remediation

Install the security update from the vendor's website.
