
AIKIDO-2026-88683

spring-cloud-gateway-server-webmvc is vulnerable to Insufficient Verification of Data Authenticity

Weakness: Insufficient Verification of Data Authenticity
CVE: CVE-2026-47825
Published: Today
Severity score: 80 (High Risk)

This Affects:

Ecosystem: java
Package: spring-cloud-gateway-server-webmvc

Vulnerable ranges and fixed versions:
- 0.0.1 - 3.1.12 (fixed in 3.1.13)
- 4.0.0 - 4.1.12 (fixed in 4.1.13)
- 4.2.0 - 4.2.8 (fixed in 4.2.9)
- 4.3.0 - 4.3.4 (fixed in 4.3.4.1)
- 5.0.0 - 5.0.1 (fixed in 5.0.1.1)

TL;DR

Spring Cloud Gateway contains a vulnerability that may cause X-Forwarded-For and Forwarded headers received from untrusted proxies to be forwarded to backend services in certain configurations. An attacker can exploit this behavior to spoof client identity or network origin information, potentially bypassing IP-based security controls, access restrictions, or auditing mechanisms.

As part of this fix, the Spring Cloud Gateway Server WebFlux NettyServerCustomizer has been disabled by default. If you require it to be enabled, set the property that matches your version and properties namespace:
- spring.cloud.gateway.server.webflux.httpserver.customizer-enabled=true for 5.0.x, and for 4.3.x if you have migrated to the new properties namespace.
- spring.cloud.gateway.httpserver.customizer-enabled=true for 4.3.x if you have not migrated to the new properties namespace, and for 4.2.x and 3.1.x.
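The header-trust failure the advisory describes, as an added example that is not from the advisory or from Spring Cloud Gateway: a backend-side client-address resolver that treats X-Forwarded-For / Forwarded entries as authentic only when they were appended by a trusted proxy, next to the naive leftmost-entry lookup that a spoofed header defeats. The trusted proxy range 10.0.0.0/24 and all addresses used are constructed, and preferring Forwarded over X-Forwarded-For when both are present is an assumption of this example.

```python
# Added example, not code from the advisory or from Spring Cloud Gateway.
# Backend-side client-address resolution that only honours X-Forwarded-For /
# Forwarded entries appended by proxies it trusts, so a header supplied by an
# untrusted hop cannot change the address used for IP allow-lists or audit logs.
import ipaddress
import re
from typing import Dict, List

# Assumed (constructed) address range of the trusted gateway tier.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]

# RFC 7239 "for=" value: bracketed IPv6 or a bare token, optionally quoted / with :port.
_FOR_RE = re.compile(r'(?i)\bfor=\s*"?(?:\[([^\]]+)\]|([^";,:\s]+))')


def _is_trusted(addr: str) -> bool:
    try:
        return any(ipaddress.ip_address(addr) in net for net in TRUSTED_PROXIES)
    except ValueError:  # obfuscated or malformed identifier: never trusted
        return False


def forwarded_chain(headers: Dict[str, str]) -> List[str]:
    """Hop list, left (claimed original client) to right (hop added by the last proxy)."""
    if "Forwarded" in headers:  # assumption: Forwarded wins when both headers are present
        hops = []
        for element in headers["Forwarded"].split(","):
            m = _FOR_RE.search(element)
            if m:
                hops.append(m.group(1) or m.group(2))
        return hops
    return [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]


def naive_client_ip(peer_addr: str, headers: Dict[str, str]) -> str:
    """The pattern the advisory warns about: believe the leftmost forwarded entry."""
    chain = forwarded_chain(headers)
    return chain[0] if chain else peer_addr


def resolve_client_ip(peer_addr: str, headers: Dict[str, str]) -> str:
    """Walk the chain right-to-left, skipping trusted proxies; the first untrusted
    address is the real client. Headers from an untrusted peer are ignored entirely."""
    if not _is_trusted(peer_addr):
        return peer_addr
    client = peer_addr
    for hop in reversed(forwarded_chain(headers)):
        client = hop
        if not _is_trusted(hop):
            break
    return client
```

A gateway that forwards an inbound header unchanged produces a chain like "203.0.113.9, 198.51.100.7", where only the rightmost entry was written by the gateway itself; the resolver returns that entry while the naive lookup returns the attacker-chosen one.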

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

spring-cloud-gateway-server-webmvc is vulnerable to Insufficient Verification of Data Authenticity in versions 0.0.1 - 3.1.12, 4.0.0 - 4.1.12, 4.2.0 - 4.2.8, 4.3.0 - 4.3.4 and 5.0.0 - 5.0.1.

How to fix this

Upgrade the org.springframework.cloud:spring-cloud-gateway-server-webmvc library to a patched version for your release line: 3.1.13, 4.1.13, 4.2.9, 4.3.4.1 or 5.0.1.1.