CVE-2026-40989
mediumCVSS v3 Base Score
5.7
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 95% most likely to be exploited
Attack Characteristics
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Confidentiality
None
Integrity
Low
Availability
High
Vulnerability Report
Generated by CyberWatcher
Description
Under infinite recursion in the routing layer, request-handling can cause OOM error.
Affected Spring Products and Versions:
Spring Cloud Function 3.2.x: versions prior to 3.2.16
Spring Cloud Function 4.1.x: versions prior to 4.1.10
Spring Cloud Function 4.2.x: versions prior to 4.2.6
Spring Cloud Function 4.3.x: versions prior to 4.3.3
Spring Cloud Function 5.0.x: versions prior to 5.0.2
Older, unsupported versions are also affected.
CWE
CWE-674Affected Products
vmware spring cloud function