{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-47825/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-15T19:34:29.601Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-47825","@id":"https://www.cve.org/CVERecord?id=CVE-2026-47825","description":"Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers.\n\nAffected versions:\nSpring Cloud Gateway 3.1.x (fix 3.1.13).\nSpring Cloud Gateway 4.1.x (fix 4.1.13).\nSpring Cloud Gateway 4.2.x (fix 4.2.9).\nSpring Cloud Gateway 4.3.x (fix 4.3.5).\nSpring Cloud Gateway 5.0.x (fix 5.0.2)."},"products":[{"@id":"cpe:2.3:a:spring:spring_cloud_gateway:*:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:spring:spring_cloud_gateway:*:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"Update to a fixed version: 3.1.13, 4.1.13, 4.2.9, 4.3.5, 5.0.2.","timestamp":"2026-06-15T19:34:29.601Z"}]}