Description
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead.
Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0  available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to 5.0.2 or 5.1.1 which are the current supported open source releases.
Published: 2026-04-10
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: SSL Configuration Bypass
Action: Apply Patch
AI Analysis

Impact

The vulnerability causes Spring Cloud Gateway to ignore the user‑supplied SSL bundle configured through spring.ssl.bundle and default to the platform’s built‑in SSL settings. As a result, connections may be established with unintended certificates or weaker encryption, allowing attackers to eavesdrop, tamper with or downgrade secure traffic. The flaw reflects a configuration control weakness classified as CWE‑15.

Affected Systems

VMware’s Spring Cloud Gateway is affected. The issue targets the 4.2.0 release and any older 4.2.x versions that have not been updated in that branch. The 4.2.x branch no longer receives open‑source support. The current open‑source supported releases 5.0.2 and 5.1.1 are not affected.

Risk and Exploitability

The advisory lists a CVSS score of 7.5, indicating a moderate‑to‑high severity. Its EPSS score is below 1% and it is not included in CISA's KEV catalog, implying a relatively low likelihood of known exploitation. The vulnerability can be leveraged by an attacker who can alter the gateway’s deployment configuration—for example, by compromising configuration files or the systems that inject them—thereby triggering the fallback to default SSL. Restricting configuration access and verifying the applied bundle mitigate the risk.

Generated by OpenCVE AI on April 13, 2026 at 15:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Spring Cloud Gateway to the latest supported release, preferably 5.0.2 or 5.1.1; or if staying on 4.2.x, upgrade to any 4.2.x release newer than 4.2.0 available on Maven Central.
  • Verify that the spring.ssl.bundle property is correctly set and remains intact after deployment; confirm the TLS certificates in use match the intended bundle.
  • Implement access controls on configuration files and directories to prevent unauthorized modifications; regularly audit configuration changes for integrity.

Generated by OpenCVE AI on April 13, 2026 at 15:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-hwqh-2684-54fc Spring Cloud Gateway's SSL bundle configuration silently bypassed
References
Link Providers
https://spring.io/security/cve-2026-22750 cve-icon cve-icon
History

Mon, 13 Apr 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-347
CWE-610

Fri, 10 Apr 2026 14:45:00 +0000

Type Values Removed Values Added
First Time appeared Vmware
Vmware spring Cloud Gateway
Vendors & Products Vmware
Vmware spring Cloud Gateway

Fri, 10 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-15
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-347
CWE-610

Fri, 10 Apr 2026 08:15:00 +0000

Type Values Removed Values Added
Description When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0  available on Maven Centeral https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/ . Ideally if you are not an enterprise customer, you should be upgrading to 5.0.2 or 5.1.1 which are the current supported open source releases.
Title SSL bundle configuration silently bypassed in Spring Cloud Gateway
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Subscriptions

Vmware Spring Cloud Gateway
cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2026-04-10T12:59:14.451Z

Reserved: 2026-01-09T06:55:03.990Z

Link: CVE-2026-22750

cve-icon Vulnrichment

Updated: 2026-04-10T12:59:00.656Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-10T08:16:24.787

Modified: 2026-04-13T15:02:06.187

Link: CVE-2026-22750

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:36:35Z

Weaknesses