Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreCVE-2026-41708: Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability
Description
In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition.
Specifically, an application is vulnerable when all of the following are true:
- the application uses a vulnerable version of
org.springframework.cloud:spring-cloud-sleuth-instrumentation - Spring TX instrumentation is not disabled
Affected Products and Versions
Spring Cloud Sleuth 3.1.0 - 3.1.13
Mitigation
Users of affected versions should upgrade to the corresponding fixed version.
| Affected version(s) | Fix version | Availability |
|---|---|---|
| 3.1.x | 3.1.14 | Enterprise Support Only |
No further mitigation steps are necessary.
References
History
- 2026-06-11: Initial vulnerability report published.
Reporting a vulnerability
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy
Get support
Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreUpcoming events
Check out all the upcoming events in the Spring community.
View all