CVE-2026-40989
MEDIUM
Spring Cloud Function DoS via Infinite Recursion in Routing Layer
Description
Under infinite recursion in the routing layer, request handling can cause an out-of-memory (OOM) error.
Affected Spring Products and Versions:
Spring Cloud Function 3.2.x: versions prior to 3.2.16
Spring Cloud Function 4.1.x: versions prior to 4.1.10
Spring Cloud Function 4.2.x: versions prior to 4.2.6
Spring Cloud Function 4.3.x: versions prior to 4.3.3
Spring Cloud Function 5.0.x: versions prior to 5.0.2
Older, unsupported versions are also affected.
References (1)
Vendor Advisory
https://spring.io/security/cve-2026-40989
Scores
CVSS v3
5.7
EPSS
0.0021
EPSS Percentile
11.3%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H
Details
CWE
CWE-674
Status
published
Products (1)
vmware/spring_cloud_function
3.2.0 - 3.2.16
Published
Jun 01, 2026
Tracked Since
Jun 02, 2026