CVE-2026-40989

Published: Giu 01, 2026 Last Modified: Giu 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,7

Source: [email protected]

Attack Vector: physical

Attack Complexity: low

Privileges Required: low

User Interaction: required

Scope: changed

Confidentiality: none

Integrity: low

Availability: high

Description

AI Translation Available

Under infinite recursion in the routing layer, request-handling can cause OOM error.

Affected Spring Products and Versions:
Spring Cloud Function 3.2.x: versions prior to 3.2.16
Spring Cloud Function 4.1.x: versions prior to 4.1.10
Spring Cloud Function 4.2.x: versions prior to 4.2.6
Spring Cloud Function 4.3.x: versions prior to 4.3.3
Spring Cloud Function 5.0.x: versions prior to 5.0.2
Older, unsupported versions are also affected.

674

Uncontrolled Recursion

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Confidentiality

Potential Impacts:

Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Read Application Data

Applicable Platforms

All platforms may be affected

View CWE Details

https://spring.io/security/cve-2026-40989

CVE-2026-40989

Description

Uncontrolled Recursion

Common Consequences

Applicable Platforms

Iscriviti alla newsletter