Description
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead.
Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0  available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to 5.0.2 or 5.1.1 which are the current supported open source releases.
Published: 2026-04-10
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Misconfigured TLS due to ignored SSL bundle configuration
Action: Immediate Patch
AI Analysis

Impact

The vulnerability occurs when the configuration property used to specify SSL bundles in Spring Cloud Gateway is silently ignored, causing the gateway to fall back to its default SSL settings. This misconfiguration means that administrators cannot enforce the intended TLS certificates, key stores, or protocol restrictions. As a result, the gateway may operate with weaker or default TLS settings, potentially exposing traffic to downgrade or man‑in‑the‑middle attacks and bypassing intended authentication or encryption policies.

Affected Systems

This issue affects VMware Spring Cloud Gateway, specifically versions within the 4.2.x branch and the 5.x releases that support the spring.ssl.bundle property. Users of the unsupported 4.2.0 release are particularly at risk if they believe their custom SSL bundle is active.

Risk and Exploitability

The CVSS score of 7.5 categorizes the problem as medium to high severity. Although EPSS data is not available and the vulnerability is not listed in CISA’s KEV catalog, the fact that the configuration is silently ignored makes it exploitable by any party able to influence the gateway’s application configuration or by attackers who rely on the default, potentially insecure, TLS settings. The risk is therefore significant for deployments that depend on the gateway to enforce strict SSL policies.

Generated by OpenCVE AI on April 10, 2026 at 09:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Spring Cloud Gateway 5.0.2 or 5.1.1 if you are not on a supported enterprise version
  • If you are using the 4.2.x branch, upgrade to any release newer than 4.2.0 available on Maven Central
  • After upgrading, verify that the spring.ssl.bundle configuration is accepted and that the intended certificates and key stores are in use
  • Continue to monitor gateway logs for TLS negotiation to confirm secure operation

Generated by OpenCVE AI on April 10, 2026 at 09:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://spring.io/security/cve-2026-22750 cve-icon cve-icon
History

Fri, 10 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Vmware
Vmware spring Cloud Gateway
Vendors & Products Vmware
Vmware spring Cloud Gateway

Fri, 10 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-15
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-347
CWE-610

Fri, 10 Apr 2026 08:15:00 +0000

Type Values Removed Values Added
Description When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0  available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to 5.0.2 or 5.1.1 which are the current supported open source releases.
Title SSL bundle configuration silently bypassed in Spring Cloud Gateway
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Subscriptions

Vmware Spring Cloud Gateway
cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2026-04-10T12:59:14.451Z

Reserved: 2026-01-09T06:55:03.990Z

Link: CVE-2026-22750

cve-icon Vulnrichment

Updated: 2026-04-10T12:59:00.656Z

cve-icon NVD

Status : Received

Published: 2026-04-10T08:16:24.787

Modified: 2026-04-10T13:16:44.550

Link: CVE-2026-22750

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-10T14:40:56Z

Weaknesses