VYPR

Maven package

org.springframework.cloud/spring-cloud-config

pkg:maven/org.springframework.cloud/spring-cloud-config

Vulnerabilities (1)

  • CVE-2026-40981HigMay 7, 2026
    affected >= 3.1.0, <= 3.1.13

    When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1