Zero Day Monitor (ZDM)
CVE-2026-41708 · CVSS 7.5 · EXPLOITED · PATCHED
broadcom · spring_cloud_sleuth

Spring Cloud Sleuth instrumentation of Spring TX DoS vulnerability

Description

In Spring Cloud Sleuth, it is possible for a user to provide specially crafted calls that may cause a denial-of-service (DoS) condition. The application is vulnerable when it uses a vulnerable version of org.springframework.cloud:spring-cloud-sleuth-instrumentation and Spring TX instrumentation is not disabled. Affected versions: Spring Cloud Sleuth 3.1.0 through 3.1.13.

Affected Products

Vendor | Product | Versions
broadcom | spring_cloud_sleuth | 3.1.0, 3.1.13

References

  • https://spring.io/security/cve-2026-41708

Related News (3 articles)

Tier C · VulDB · 11d ago
CVE-2026-41708 | Vmware Spring Cloud Sleuth up to 3.1.13 resource consumption
→ No new info (linked only)
Tier B · CCCS Canada · 15d ago
Spring security advisory (AV26-592)
→ No new info (linked only)
Tier B · CERT-FR · 16d ago
Multiple vulnerabilities in Spring products (June 12, 2026)
→ No new info (linked only)
CVSS 3.1: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA KEV: ❌ No
Actively exploited: ✅ Yes
Patch available: 3.1.14
CWE: CWE-400
Published: Jun 12, 2026
Last enriched: 11d ago (v3)
Tags: denial of service, remote
Trending Score: 12
Source articles: 3
Independent: 3
Info Completeness: 10/14
Missing: epss, kev, iocs, mitre_attack

Related CVEs (5)

MEDIUM · CVE-2026-40012 · EXP
Information about ECS zero scoped answers might leak to clients that use a specific ECS
Trending: 54
NONE · CVE-2026-44838 · EXP
RabbitMQ MQTT Topic Permission Authorization Bypass
Trending: 12
NONE · CVE-2026-11626
Local Privilege Escalation in Symantec Endpoint Protection macOS CleanWipe Removal Tool
Trending: 5
NONE · CVE-2026-11815
Insecure Deserialization via MITM in Layer 7 Policy Manager
Trending: 2
CRITICAL · PRE-CVE · EXP
Critical vulnerabilities in VMware Tanzu for Valkey
Trending: 1

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jun 12, 2026
Discovered by ZDM
Jun 12, 2026
Updated: affectedVersions, exploitAvailable, activelyExploited
Jun 12, 2026
Actively Exploited
Jun 15, 2026
Exploit Available
Jun 15, 2026
Patch Available
Jun 15, 2026
Updated: affectedVersions
Jun 16, 2026

Version History

v3 · Tier C · 11d ago

Updated vendor to Vmware, product name, affected versions to include 3.1.13, changed severity to MEDIUM, and noted no exploit available.

affectedVersions
via VulDB
v2 · Tier B · 15d ago

Added affected versions for Cloud Sleuth and marked exploit availability and active exploitation status as true.

affectedVersions, exploitAvailable, activelyExploited
via CCCS Canada
v1 · 15d ago

Initial creation