Spring Cloud Config Server Google Secrets Manager backend flaw (HIGH)

cve · CVE-2026-40981

Coverage timeline

first 2026-05-09 → last 2026-05-09

Briefs

1 distinct

Sources cited

3 hosts

Sections touched

—

Co-occurring entities

no co-occurrence

Story timeline

2026-05-09CTI Daily Brief — 2026-05-09

Source distribution

cert.ssi.gouv.fr1 (33%)
herodevs.com1 (33%)
spring.io1 (33%)

External references

NVD · cve.org · CISA KEV

All cited sources (3)

spring.ioprimaryinlineSpring.io security advisory, 2026-05-06https://spring.io/security/cve-2026-40982
cited in 2026-05-09
cert.ssi.gouv.frinlineCERT-FR CERTFR-2026-AVI-0543, 2026-05-07https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0543/
source profile · cited in 2026-05-09
herodevs.cominlineHeroDevs analysis, 2026-05-08https://www.herodevs.com/blog-posts/cve-2026-40982-critical-spring-cloud-config-server-directory-traversal-cvss-9-8
cited in 2026-05-09

Items in briefs about Spring Cloud Config Server Google Secrets Manager backend flaw (HIGH)

No parsed item heading or body matches this entity yet. Items match by exact CVE id (for CVE entities), by lead-segment substring of the title in the item heading or body, or by a distinctive anchor token from the title appearing in the item heading. Coverage that lives inside a broader section (no per-item heading) is captured by the Story timeline above.