CVE-2026-47825 | Spring Cloud Gateway Server forwards the X-Forwarded-For and… | CVSS 8.6 HIGH

Description

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x (fix 3.1.13). Spring Cloud Gateway 4.1.x (fix 4.1.13). Spring Cloud Gateway 4.2.x (fix 4.2.9). Spring Cloud Gateway 4.3.x (fix 4.3.5). Spring Cloud Gateway 5.0.x (fix 5.0.2).

Metadata

CVE ID: CVE-2026-47825
State: PUBLISHED
Assigner: vmware
Reserved: 2026-05-20 10:00 UTC
Published: 2026-06-15 19:34 UTC
Last updated: 2026-06-15 19:34 UTC
Primary CWE: CWE-346
CWE-346: Origin Validation Error
Vendor / Product: Spring / Spring Cloud Gateway
Sources: cve.org · NVD

Severity & Metrics

8.6 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Affected products (1)

Vendor	Product	Platform	Versions
Spring	Spring Cloud Gateway	—	3.1.0 < 3.1.13, 4.1.0 < 4.1.13, 4.2.0 < 4.2.9, 4.3.0 < 4.3.5 …

Weakness (CWE)

CWE	Source	Description
CWE-346	cna	CWE-346: Origin Validation Error

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.6	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

References (1)

https://spring.io/security/cve-2026-47825