CVE-2026-47825
Header Injection in Spring Cloud Gateway Server

Publication date: 2026-06-15

Last updated on: 2026-06-15

Assigner: VMware

Description
Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers.

Affected versions and fixed releases:

  • Spring Cloud Gateway 3.1.x (fix 3.1.13)
  • Spring Cloud Gateway 4.1.x (fix 4.1.13)
  • Spring Cloud Gateway 4.2.x (fix 4.2.9)
  • Spring Cloud Gateway 4.3.x (fix 4.3.5)
  • Spring Cloud Gateway 5.0.x (fix 5.0.2)
Meta Information

Generated: 2026-06-16
EPSS Evaluated: N/A
Affected Vendors & Products (5 associated CPEs)

Vendor   Product               Version / Range
vmware   spring_cloud_gateway  to 3.1.13 (inc)
vmware   spring_cloud_gateway  to 4.1.13 (inc)
vmware   spring_cloud_gateway  to 4.2.9 (inc)
vmware   spring_cloud_gateway  to 4.3.5 (inc)
vmware   spring_cloud_gateway  to 5.0.2 (inc)
CWE

CWE-346: The product does not properly verify that the source of data or communication is valid.
Executive Summary

This vulnerability occurs in Spring Cloud Gateway Server where it forwards the X-Forwarded-For and Forwarded headers from untrusted proxies under certain configuration scenarios. This behavior affects both the WebMVC and WebFlux Gateway Servers.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade your Spring Cloud Gateway to a fixed version. The affected versions and their fixed releases are:

  • Spring Cloud Gateway 3.1.x - upgrade to 3.1.13 or later
  • Spring Cloud Gateway 4.1.x - upgrade to 4.1.13 or later
  • Spring Cloud Gateway 4.2.x - upgrade to 4.2.9 or later
  • Spring Cloud Gateway 4.3.x - upgrade to 4.3.5 or later
  • Spring Cloud Gateway 5.0.x - upgrade to 5.0.2 or later

Impact Analysis

The vulnerability can allow an attacker to manipulate the X-Forwarded-For and Forwarded headers, potentially leading to incorrect identification of the client's IP address. This can impact security controls that rely on these headers for access control, logging, or rate limiting, possibly enabling unauthorized access or evasion of security measures.
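As an added example (this is not Spring Cloud Gateway's code, and the trusted-proxy allowlist below is constructed for illustration), the defensive pattern the impact analysis implies: resolve the client address only through hops that belong to known proxies, walking X-Forwarded-For or Forwarded from the right, and fall back to the TCP peer whenever the request arrives from an untrusted peer. A naive leftmost-hop resolver is included for contrast, since that is the behaviour a control that trusts forwarded headers from anywhere effectively has.

```python
import ipaddress
from typing import Iterable, Optional

# Constructed allowlist for this example: the networks/addresses of the
# reverse proxies that are allowed to set forwarded headers. Anything else
# is an untrusted peer whose forwarded headers must be ignored.
TRUSTED_PROXIES = ["10.0.0.0/8", "192.168.1.1"]


def parse_xff(header: Optional[str]) -> list:
    """Split an X-Forwarded-For value into its comma-separated hops, left to right."""
    if not header:
        return []
    return [hop.strip() for hop in header.split(",") if hop.strip()]


def parse_forwarded_for(header: Optional[str]) -> list:
    """Extract the for= identifiers from an RFC 7239 Forwarded header, left to right.

    Strips quotes, IPv6 brackets and ports. Non-IP tokens such as "unknown" or
    obfuscated identifiers are passed through and rejected later by the resolver.
    """
    hops = []
    if not header:
        return hops
    for element in header.split(","):
        for pair in element.split(";"):
            name, _, value = pair.strip().partition("=")
            if name.lower() != "for":
                continue
            value = value.strip().strip('"')
            if value.startswith("["):                  # "[2001:db8::1]:4711"
                value = value[1:value.index("]")] if "]" in value else value[1:]
            elif value.count(":") == 1:                # "192.0.2.60:1234"
                value = value.split(":")[0]
            hops.append(value)
    return hops


class ClientIpResolver:
    """Trusted-proxy-aware client address resolution."""

    def __init__(self, trusted_proxies: Iterable[str]):
        self.trusted = [ipaddress.ip_network(n, strict=False) for n in trusted_proxies]

    def is_trusted(self, ip: str) -> bool:
        try:
            return any(ipaddress.ip_address(ip) in net for net in self.trusted)
        except ValueError:        # not an IP address at all
            return False

    def resolve(self, peer_ip: str, hops: list) -> str:
        # A peer that is not one of our proxies gets no say: whatever it put in
        # the header is discarded and the TCP peer address is the client.
        if not self.is_trusted(peer_ip):
            return peer_ip
        candidate = peer_ip
        # Walk the chain right to left: each trusted hop was appended by a proxy
        # we control; the first untrusted hop is the address that proxy saw.
        for hop in reversed(hops):
            if self.is_trusted(hop):
                candidate = hop
                continue
            try:
                ipaddress.ip_address(hop)
            except ValueError:    # "unknown", "_obf", garbage: keep the last trusted hop
                return candidate
            return hop
        return candidate          # every hop was one of ours


def naive_client_ip(peer_ip: str, hops: list) -> str:
    """The unsafe pattern: take the leftmost forwarded hop, whoever supplied it."""
    return hops[0] if hops else peer_ip


if __name__ == "__main__":
    resolver = ClientIpResolver(TRUSTED_PROXIES)
    # Constructed request: untrusted peer claims to be 1.2.3.4 via X-Forwarded-For.
    hops = parse_xff("1.2.3.4")
    print("naive  :", naive_client_ip("203.0.113.7", hops))   # 1.2.3.4 (spoofed)
    print("trusted:", resolver.resolve("203.0.113.7", hops))  # 203.0.113.7
```

Any rate limiter, allowlist or audit log keyed on the client address should consume the output of the trusted resolver rather than the raw header; the difference between the two printed values is exactly the misidentification described above.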
