CVE-2026-47825

Summary

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers.

Affected versions: Spring Cloud Gateway 3.1.x (fix 3.1.13). Spring Cloud Gateway 4.1.x (fix 4.1.13). Spring Cloud Gateway 4.2.x (fix 4.2.9). Spring Cloud Gateway 4.3.x (fix 4.3.5). Spring Cloud Gateway 5.0.x (fix 5.0.2).

Affected Software

VendorProductVersion RangeStatus
SpringSpring Cloud Gateway3.1.0 < 3.1.13affected
SpringSpring Cloud Gateway4.1.0 < 4.1.13affected
SpringSpring Cloud Gateway4.2.0 < 4.2.9affected
SpringSpring Cloud Gateway4.3.0 < 4.3.4.1affected
SpringSpring Cloud Gateway5.0.0 < 5.0.1.1affected

Weaknesses

  • CWE-346: CWE-346: Origin Validation Error

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References