Spring product security update advisory (CVE-2026-22750).
Affected products and scope of impact.
- The affected product is Spring Cloud Gateway version 4.2.0.
Vulnerability overview.
- The vulnerability (CVE-2026-22750) is an issue where SSL bundle settings are silently ignored.
- This could allow an application to establish a connection without applying the intended TLS bundle or verification settings.
Impact.
- Ignoring TLS configuration can lead to a reduction in communication security.
- This could lead to risks such as man-in-the-middle (MITM) attacks or bypassing of certificate verification.
Workaround and advisory.
- A patch for the vulnerability is available in Spring Cloud Gateway 4.2.1 and later.
- Users of affected products are advised to upgrade to 4.2.1 or later as soon as possible.
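One way to find deployments that still bundle the affected version, as an added example (not part of the advisory or of Spring's own tooling): the script lists Spring Cloud Gateway jars inside a Spring Boot fat jar or WAR and flags version 4.2.0. The artifact-name prefixes, the Maven jar naming and the sample archive are assumptions made for this example.

```python
import io
import re
import sys
import zipfile

# Assumption: bundled jars use Maven naming <artifactId>-<version>.jar and the
# Gateway artifact ids start with spring-cloud-gateway or spring-cloud-starter-gateway.
GATEWAY_JAR = re.compile(
    r"(?:^|/)(spring-cloud-(?:starter-)?gateway(?:-[a-z]+)*)-(\d[\w.-]*)\.jar$"
)
AFFECTED_VERSION = "4.2.0"  # the version the advisory lists; fixed in 4.2.1 and later


def classify(entry_name):
    """Return (artifact, version, affected) for a Gateway jar entry, else None."""
    match = GATEWAY_JAR.search(entry_name)
    if match is None:
        return None
    artifact, version = match.groups()
    return artifact, version, version == AFFECTED_VERSION


def scan_archive(archive):
    """List Gateway jars bundled in a fat jar or WAR (path or file object)."""
    with zipfile.ZipFile(archive) as zf:
        hits = (classify(name) for name in zf.namelist())
        return [hit for hit in hits if hit is not None]


def build_sample(lib_names):
    """Constructed sample: in-memory archive laid out like a Spring Boot fat jar."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for lib in lib_names:
            zf.writestr("BOOT-INF/lib/" + lib, b"")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Scan archives named on the command line, or the constructed sample if none.
    # The exit status is non-zero when any scanned archive bundles 4.2.0.
    targets = sys.argv[1:] or [build_sample(
        ["spring-cloud-gateway-server-4.2.0.jar", "spring-core-6.2.1.jar"])]
    exit_code = 0
    for target in targets:
        for artifact, version, affected in scan_archive(target):
            status = "AFFECTED, upgrade to 4.2.1 or later" if affected else "ok"
            print(f"{target}: {artifact} {version}: {status}")
            exit_code |= affected
    sys.exit(exit_code)
```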
References.