CVE-2026-40990
mediumCVSS v3 Base Score
5.7
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 95% most likely to be exploited
Attack Characteristics
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Confidentiality
None
Integrity
Low
Availability
High
Vulnerability Report
Generated by CyberWatcher
Description
OOM error is possible while attempting to add infinite amount of functions to Function Registry.
Affected Spring Products and Versions:
Spring Cloud Function 3.2.x: versions prior to 3.2.16
Spring Cloud Function 4.1.x: versions prior to 4.1.10
Spring Cloud Function 4.2.x: versions prior to 4.2.6
Spring Cloud Function 4.3.x: versions prior to 4.3.3
Spring Cloud Function 5.0.x: versions prior to 5.0.2
Older, unsupported versions are also affected.
CWE
CWE-770Affected Products
vmware spring cloud function