CVE-2026-47825
HIGH
Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations
Title source: cna
Description
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x (fix 3.1.13). Spring Cloud Gateway 4.1.x (fix 4.1.13). Spring Cloud Gateway 4.2.x (fix 4.2.9). Spring Cloud Gateway 4.3.x (fix 4.3.5). Spring Cloud Gateway 5.0.x (fix 5.0.2).
Scores
CVSS v3: 8.6
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
Details
CWE: CWE-346
Status: published
Products (5)
Spring/Spring Cloud Gateway: 3.1.0 - 3.1.13
Spring/Spring Cloud Gateway: 4.1.0 - 4.1.13
Spring/Spring Cloud Gateway: 4.2.0 - 4.2.9
Spring/Spring Cloud Gateway: 4.3.0 - 4.3.5
Spring/Spring Cloud Gateway: 5.0.0 - 5.0.2
Published: Jun 15, 2026
Tracked Since: Jun 16, 2026