17 vulnerabilities across 15 products scored HIGH or above on June 15, 2026.
HIGH: 17 [HIGH] spring/spring_cloud_gateway 1 CVE | CVSS 3.1: 8.6 | AAS 11.4
cpe:2.3:a:spring:spring_cloud_gateway:*:*:*:*:*:*:*:* (>= 3.1.0, < 3.1.13) cpe:2.3:a:spring:spring_cloud_gateway:*:*:*:*:*:*:*:* (>= 4.1.0, < 4.1.13) cpe:2.3:a:spring:spring_cloud_gateway:*:*:*:*:*:*:*:* (>= 4.2.0, < 4.2.9) cpe:2.3:a:spring:spring_cloud_gateway:*:*:*:*:*:*:*:* (>= 4.3.0, < 4.3.5) cpe:2.3:a:spring:spring_cloud_gateway:*:*:*:*:*:*:*:* (>= 5.0.0, < 5.0.2) Spring Cloud Gateway versions 3.1.x through 5.0.x are vulnerable to header spoofing attacks (CVE-2026-47825, CVSS 8.6) in both WebMVC and WebFlux implementations when certain proxy configurations forward untrusted headers. Attackers can manipulate X-Forwarded-For and Forwarded headers to bypass authentication or redirect traffic in affected deployments. Organizations should upgrade to patched versions 3.1.13, 4.1.13, 4.2.9, 4.3.5, or 5.0.2 immediately, or disable untrusted proxy header forwarding in their configuration.
...