MEDIUM SeverityCVSS 3.14.4CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CVE-2026-41004

Last updated May 07, 2026 · Published May 07, 2026

Description

When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or greater (Enterprise Support Only). Spring Cloud Config 4.2.x: affected from 4.2.0 through 4.2.6 (inclusive); upgrade to 4.2.7 or greater (Enterprise Support Only). Spring Cloud Config 4.3.x: affected from 4.3.0 through 4.3.2 (inclusive); upgrade to 4.3.3 or greater. Spring Cloud Config 5.0.x: affected from 5.0.0 through 5.0.2 (inclusive); upgrade to 5.0.3 or greater.

Affected products

1 listed

Spring:Spring Cloud Config

Mappings

CWE

CWE-532

CAPEC

None listed.

Guides

Secrets management in GitHub Actions: prevent leaks and rotate safelySecrets management in GitHub Actions starts with repository or environment secrets, scoped tokens, and OIDC…

Training

Logging and Detection EngineeringWriting logs that actually help you find attackers - structured, contextual, actionable.

CVE-2026-41004

Description

Affected products

Mappings

Related