CVE-2026-40990

Published: Giu 01, 2026 Last Modified: Giu 01, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 5,7

Source: [email protected]

Attack Vector: physical

Attack Complexity: low

Privileges Required: low

User Interaction: required

Scope: changed

Confidentiality: none

Integrity: low

Availability: high

Description

AI Translation Available

OOM error is possible while attempting to add infinite amount of functions to Function Registry.

Affected Spring Products and Versions:
Spring Cloud Function 3.2.x: versions prior to 3.2.16
Spring Cloud Function 4.1.x: versions prior to 4.1.10
Spring Cloud Function 4.2.x: versions prior to 4.2.6
Spring Cloud Function 4.3.x: versions prior to 4.3.3
Spring Cloud Function 5.0.x: versions prior to 5.0.2
Older, unsupported versions are also affected.

770

Allocation of Resources Without Limits or Throttling

Incomplete

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability

Potential Impacts:

Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other)

Applicable Platforms

All platforms may be affected

Likelihood of Exploit: High

View CWE Details

https://spring.io/security/cve-2026-40990

CVE-2026-40990

Description

Allocation of Resources Without Limits or Throttling

Common Consequences

Applicable Platforms

Iscriviti alla newsletter