Cyber Resilience

CVE-2026-22750

Severity: High (Updated)

Published: 10 April 2026
Modified: 05 June 2026
KEV Added: not listed
Patch: available (upgrade, see below)
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
EPSS Score: 0.0006 (17.6th percentile)
Risk Priority: 15 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-22750 is a high-severity External Control of System or Configuration Setting (CWE-15) vulnerability in VMware Spring Cloud Gateway. Its CVSS v3.1 base score is 7.5 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 17.6th percentile for exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2026-22750 is a vulnerability in Spring Cloud Gateway where a custom SSL bundle configured through the spring.ssl.bundle property is silently ignored and the application falls back to the default SSL configuration instead. This issue primarily affects the 4.2.x branch, including version 4.2.0, and that branch is no longer under open source support. The vulnerability is classified under CWE-15 (External Control of System or Configuration Setting) with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N), indicating high severity because it is reachable over the network and has a high integrity impact.

Remote, unauthenticated attackers can exploit this vulnerability with low attack complexity and no user interaction. Because the custom SSL bundle is never applied, the gateway's TLS handling runs under the default SSL configuration rather than the one the operator intended; this is rated as a high integrity impact, since data in transit through the gateway's SSL layer may be modified without authorization.

The Spring advisory at https://spring.io/security/cve-2026-22750 recommends upgrading from Spring Cloud Gateway 4.2.0 to any newer 4.2.x release available on Maven Central (https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/). For non-enterprise users, the ideal mitigation is to upgrade to the supported open source releases 5.0.2 or 5.1.1.
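The failure mode above is silent: the gateway starts, serves TLS, and nothing in the configuration tells the operator that spring.ssl.bundle was ignored. The script below is an added example (it is not code from this page or from the Spring project) of the two checks a practitioner would want: an offline audit that flags a build pinned to the affected 4.2.0 release while also relying on a custom bundle under spring.ssl.bundle, and a live post-upgrade check that compares the certificate the gateway actually presents with the one in the bundle. The pom.xml and application.properties fragments are constructed samples; the sub-keys under spring.ssl.bundle.* and the server.ssl.bundle key are assumed Spring Boot property names used only to make the sample realistic.

```python
"""Added example (not from the page or the Spring project): audit a Spring
Cloud Gateway deployment for the CVE-2026-22750 condition and verify, after
an upgrade, that the configured SSL bundle is the one actually in effect."""
import base64
import hashlib
import re
import ssl
from typing import Optional

# Release facts taken from the advisory text on the page.
AFFECTED = {"4.2.0"}                # the release that ignores the bundle
SUPPORTED_OSS = {"5.0.2", "5.1.1"}  # current supported open source releases

# Constructed sample: a build that pins the affected release.
POM_FRAGMENT = """
<dependency>
  <groupId>org.springframework.cloud</groupId>
  <artifactId>spring-cloud-gateway</artifactId>
  <version>4.2.0</version>
</dependency>
"""

# Constructed sample: a gateway that expects its custom PEM bundle to be used
# (sub-keys are assumed Spring Boot property names, not taken from the page).
PROPERTIES_FRAGMENT = """
# gateway TLS (constructed sample)
server.port=8443
spring.ssl.bundle.pem.gateway.keystore.certificate=classpath:gateway.crt
spring.ssl.bundle.pem.gateway.keystore.private-key=classpath:gateway.key
server.ssl.bundle=gateway
"""


def gateway_version(pom: str) -> Optional[str]:
    """Return the spring-cloud-gateway version declared in a pom.xml fragment."""
    m = re.search(
        r"<artifactId>\s*spring-cloud-gateway\s*</artifactId>\s*<version>([^<]+)</version>",
        pom,
    )
    return m.group(1).strip() if m else None


def parse_properties(text: str) -> dict:
    """Minimal key=value parser for application.properties; comments and blanks skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def uses_ssl_bundle(props: dict) -> bool:
    """True when any custom SSL bundle is defined under the spring.ssl.bundle prefix."""
    return any(k.startswith("spring.ssl.bundle.") for k in props)


def assess(version: Optional[str], props: dict) -> str:
    """Classify a deployment against the advisory's version guidance."""
    if version is None:
        return "UNKNOWN: spring-cloud-gateway version not found"
    if version in AFFECTED:
        if uses_ssl_bundle(props):
            return "VULNERABLE: 4.2.0 silently ignores spring.ssl.bundle; upgrade"
        return "AFFECTED_VERSION: 4.2.0 in use, no custom bundle configured yet"
    if version.startswith("4.2."):
        return "FIXED_UNSUPPORTED: newer 4.2.x, but the branch has no OSS support"
    if version in SUPPORTED_OSS:
        return "SUPPORTED: current open source release"
    return "REVIEW: version not covered by the advisory text"


def constructed_pem(der: bytes) -> str:
    """Wrap raw bytes in PEM armour (used only to build offline test inputs)."""
    b64 = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"


def pem_fingerprint(pem: str) -> str:
    """SHA-256 fingerprint of a PEM certificate's DER encoding."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def presented_cert_matches(host: str, port: int, bundle_cert_pem: str) -> bool:
    """Live check after an upgrade: does the gateway present the bundle's certificate?

    A mismatch means the configured bundle is still not the one in effect."""
    live_pem = ssl.get_server_certificate((host, port))
    return pem_fingerprint(live_pem) == pem_fingerprint(bundle_cert_pem)


if __name__ == "__main__":
    version = gateway_version(POM_FRAGMENT)
    props = parse_properties(PROPERTIES_FRAGMENT)
    print(f"spring-cloud-gateway {version}: {assess(version, props)}")
```

Run the offline audit in CI against the real pom.xml and properties files; run presented_cert_matches once the upgraded gateway is listening, passing the PEM certificate referenced by the bundle, so that a fallback to the default SSL configuration is caught by a fingerprint mismatch rather than noticed in production.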

Vulnerability details

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud Gateway 4.2.0 and are not an enterprise customer, you can upgrade to any Spring Cloud Gateway 4.2.x release newer than 4.2.0 available on Maven Central (https://repo1.maven.org/maven2/org/springframework/cloud/spring-cloud-gateway/). Ideally, if you are not an enterprise customer, you should be upgrading to 5.0.2 or 5.1.1, which are the current supported open source releases.

CWE(s)

CWE-15 External Control of System or Configuration Setting

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

This vulnerability permits remote, unauthenticated exploitation of a public-facing Spring Cloud Gateway application through its ignored SSL bundle configuration, which maps directly to initial access via exploitation of a public-facing application, with integrity impact on data in transit.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2026-22719 (same vendor: VMware)
- CVE-2026-41002 (same vendor: VMware)
- CVE-2026-22754 (same vendor: VMware)
- CVE-2026-22732 (same vendor: VMware)
- CVE-2026-40976 (same vendor: VMware)
- CVE-2026-22731 (same vendor: VMware)
- CVE-2026-22747 (same vendor: VMware)
- CVE-2026-22733 (same vendor: VMware)
- CVE-2026-22753 (same vendor: VMware)
- CVE-2026-40972 (same vendor: VMware)

Affected Assets

VMware Spring Cloud Gateway 4.2.0

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

- SI-2 Flaw Remediation (prevent): Directly mandates identifying, reporting, and correcting software flaws like CVE-2026-22750 through timely patching or upgrading vulnerable Spring Cloud Gateway versions.
- Vulnerability scanning and monitoring (detect): Requires vulnerability scanning and monitoring to identify deployments of affected Spring Cloud Gateway 4.2.x versions, enabling remediation.
- CM-6 Configuration Settings (prevent, detect): Ensures secure SSL bundle configuration settings are defined, implemented, and verified, revealing the ignored custom property and the insecure default fallback.
