Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-41004
PUBLISHED
More InfoOfficial Page
Assigner-vmware
Assigner Org ID-dcf2e128-44bd-42ed-91e8-88f912c1401d
View Known Exploited Vulnerability (KEV) details
Published At-07 May, 2026 | 03:51
Updated At-07 May, 2026 | 03:51
Rejected At-
▼CVE Numbering Authority (CNA)

When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or greater (Enterprise Support Only). Spring Cloud Config 4.2.x: affected from 4.2.0 through 4.2.6 (inclusive); upgrade to 4.2.7 or greater (Enterprise Support Only). Spring Cloud Config 4.3.x: affected from 4.3.0 through 4.3.2 (inclusive); upgrade to 4.3.3 or greater. Spring Cloud Config 5.0.x: affected from 5.0.0 through 5.0.2 (inclusive); upgrade to 5.0.3 or greater.

Affected Products
Vendor
VMware (Broadcom Inc.)Spring
Product
Spring Cloud Config
Default Status
unaffected
Versions
Affected
  • From 3.1.0 before 3.1.14 (custom)
  • From 4.1.0 before 4.1.10 (custom)
  • From 4.2.0 before 4.2.7 (custom)
  • From 4.3.0 before 4.3.3 (custom)
  • From 5.0.0 before 5.0.3 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-532CWE-532: Insertion of Sensitive Information into Log File
Type: CWE
CWE ID: CWE-532
Description: CWE-532: Insertion of Sensitive Information into Log File
Metrics
VersionBase scoreBase severityVector
3.14.4MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 4.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
N/AA privileged local user with trace logging enabled can read sensitive information exposed in plain text in Spring Cloud Config Server log output, compromising confidentiality.
CAPEC ID: N/A
Description: A privileged local user with trace logging enabled can read sensitive information exposed in plain text in Spring Cloud Config Server log output, compromising confidentiality.
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://spring.io/security/cve-2026-41004
N/A
Hyperlink: https://spring.io/security/cve-2026-41004
Resource: N/A
Details not found