CVE-2026-47825

Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations

CVSS 8.6 HIGHEPSS 0.1%CWE-346

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x (fix 3.1.13). Spring Cloud Gateway 4.1.x (fix 4.1.13). Spring Cloud Gateway 4.2.x (fix 4.2.9). Spring Cloud Gateway 4.3.x (fix 4.3.5). Spring Cloud Gateway 5.0.x (fix 5.0.2).

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Affected products

Spring · Spring Cloud Gateway

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://spring.io/security/cve-2026-47825