Spring Product Security Update Advisory
Security updates have been released to address vulnerabilities in Spring products. the affected products are Spring Cloud Config and Spring AI. The vulnerabilities addressed in Spring Cloud Config are CVE-2026-40981, CVE-2026-40982, and CVE-2026-41002. CVE-2026-40981 is a privilege bypass vulnerability. CVE-2026-40982 is a Directory Path Manipulation vulnerability. CVE-2026-41002 is a TOCTOU
Spring Product Security Update Advisory (CVE-2026-22739)
overview We have released security updates that address vulnerabilities in Spring products. users of affected products are encouraged to update to the latest version. affected products CVE-2026-22739 Spring Cloud Config Version: 3.1.xSpring Cloud Config version: 4.1.xSpring Cloud Config version: 4.2.xSpring Cloud Config version: 4.3.xSpring Cloud Config version: 5.0.x resolved vulnerabilities
