Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in...

8.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Description

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers.

Affected versions:
Spring Cloud Gateway 3.1.x (fix 3.1.13).
Spring Cloud Gateway 4.1.x (fix 4.1.13).
Spring Cloud Gateway 4.2.x (fix 4.2.9).
Spring Cloud Gateway 4.3.x (fix 4.3.5).
Spring Cloud Gateway 5.0.x (fix 5.0.2).

AI Analysis

Spring Cloud Gateway Server vulnerability allowing forwarding of X-Forwarded-For and Forwarded headers from untrusted proxies

Basic Information

ID CVE-2026-47825

Source vmware

Published Jun 15, 2026 at 19:34

Affected Product

Vendor Spring

Product Spring Cloud Gateway

Version 3.1.0

Affected Versions Spring Spring Cloud Gateway 3.1.0
Spring Spring Cloud Gateway 4.1.0
Spring Spring Cloud Gateway 4.2.0
Spring Spring Cloud Gateway 4.3.0
Spring Spring Cloud Gateway 5.0.0

CWE Classification

CWE-346

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Spring

Product Spring Cloud Gateway

Version 3.1.x, 4.1.x, 4.2.x, 4.3.x, 5.0.x

References

spring.io /security/cve-2026-47825

{
    "lastseen": "",
    "description": "Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers.\n\nAffected versions:\nSpring Cloud Gateway 3.1.x (fix 3.1.13).\nSpring Cloud Gateway 4.1.x (fix 4.1.13).\nSpring Cloud Gateway 4.2.x (fix 4.2.9).\nSpring Cloud Gateway 4.3.x (fix 4.3.5).\nSpring Cloud Gateway 5.0.x (fix 5.0.2).",
    "published": "2026-06-15T19:34:29.601Z",
    "modified": "2026-06-15T19:34:29.601Z",
    "type": "cve",
    "title": "Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations",
    "source": "vmware",
    "references": "https://spring.io/security/cve-2026-47825",
    "id": "CVE-2026-47825",
    "bulletinFamily": "",
    "cwe": [
        "CWE-346"
    ],
    "cvelist": null,
    "sourceData": "Spring Spring Cloud Gateway 3.1.0\nSpring Spring Cloud Gateway 4.1.0\nSpring Spring Cloud Gateway 4.2.0\nSpring Spring Cloud Gateway 4.3.0\nSpring Spring Cloud Gateway 5.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Spring Cloud Gateway",
    "version": "3.1.0",
    "vendor": "Spring",
    "ai_description": "Spring Cloud Gateway Server vulnerability allowing forwarding of X-Forwarded-For and Forwarded headers from untrusted proxies",
    "ai_severity": "High",
    "ai_vendor": "Spring",
    "ai_product": "Spring Cloud Gateway",
    "ai_version": "3.1.x, 4.1.x, 4.2.x, 4.3.x, 5.0.x",
    "ai_score": 8.6
}

Spring Cloud Gateway Server Forwards Headers from Untrusted Proxies in certain situations_CVE-2026-47825