CVE-2026-40990
MEDIUM 5.7OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud Function 4.3.x: versions prior to 4.3.3 Spring Cloud Function 5.0.x: versions prior to 5.0.2 Older, unsupported versions are also affected.
NO EXPLOITATION SIGNALS
No known exploitation, public exploit, or elevated probability at this time. Track for changes.
Exploitation likelihood
0.2%chance of exploitation in 30 days · 11th percentile
○ In CISA KEV
○ Public exploit / PoC
Impact if exploited
5.7CVSS 3.1 · MEDIUM
- ConfidentialityNone
- IntegrityLow
- AvailabilityHigh
What an attacker needs
- ⚠Access: Requires physical access to the device
- ⚠Privileges: Requires a low-privilege account
- ⚠User interaction: A user must take an action (click / open a file)
- ✓Complexity: No special conditions — reliably repeatable
✓ lowers the bar for an attacker · ⚠ raises it
Weakness (CWE)
- CWE-770: Allocation without limits
CVSS vector
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:H