|
Vulnerabilities
< Back

CVE-2026-40990

Updated on 08 May 2026

Severity

5.7 Medium severity

Details

CVSS score
5.7
CVSS vector
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H
CWE ID
Links
NISTCIRCLRHELUbuntu

Overview

About vulnerability

SVG ImageDescription

OOM error is possible while attempting to add infinite amount of functions to Function Registry.

SVG ImageAffected Spring Products and Versions

Spring Cloud Function

  • 3.2.x
  • 4.1.x
  • 4.2.x
  • 4.3.x
  • 5.0.x
  • Older, unsupported versions are also affected

SVG ImageMitigation

Users of affected versions should upgrade to the corresponding fixed version.

Affected version(s) Fix version Availability
3.2.x 3.2.16 Enterprise Support Only
4.1.x 4.1.10 Enterprise Support Only
4.2.x 4.2.6 Enterprise Support Only
4.3.x 4.3.3 OSS
5.0.x 5.0.2 OSS

SVG ImageReferences

Details

SVG ImageDescription

OOM error is possible while attempting to add infinite amount of functions to Function Registry.

SVG ImageAffected Spring Products and Versions

Spring Cloud Function

  • 3.2.x
  • 4.1.x
  • 4.2.x
  • 4.3.x
  • 5.0.x
  • Older, unsupported versions are also affected

SVG ImageMitigation

Users of affected versions should upgrade to the corresponding fixed version.

Affected version(s) Fix version Availability
3.2.x 3.2.16 Enterprise Support Only
4.1.x 4.1.10 Enterprise Support Only
4.2.x 4.2.6 Enterprise Support Only
4.3.x 4.3.3 OSS
5.0.x 5.0.2 OSS

SVG ImageReferences