CVE-2026-40989

EUVD-2026-33733
Under infinite recursion in the routing layer, request-handling can cause OOM error.

Affected Spring Products and Versions:
Spring Cloud Function 3.2.x: versions prior to 3.2.16
Spring Cloud Function 4.1.x: versions prior to 4.1.10
Spring Cloud Function 4.2.x: versions prior to 4.2.6
Spring Cloud Function 4.3.x: versions prior to 4.3.3
Spring Cloud Function 5.0.x: versions prior to 5.0.2
Older, unsupported versions are also affected.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.7 MEDIUM
PHYSICAL
LOW
LOW
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Affected Products (NVD)
VendorProductVersion
vmwarespring_cloud_function
3.2.0 ≤
𝑥
< 3.2.16
vmwarespring_cloud_function
4.1.0 ≤
𝑥
< 4.1.10
vmwarespring_cloud_function
4.2.0 ≤
𝑥
< 4.2.6
vmwarespring_cloud_function
4.3.0 ≤
𝑥
< 4.3.3
vmwarespring_cloud_function
5.0.0 ≤
𝑥
< 5.0.2
𝑥
= Vulnerable software versions