CVE-2026-62242 PUBLISHED

Spring Boot Admin Server < 4.1.2 SSRF via Unauthenticated Instance Registration

Assigner: VulnCheck
Reserved: 13.07.2026 Published: 13.07.2026 Updated: 14.07.2026

Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and managementUrl parameters without validation against private IP ranges or metadata endpoints. Attackers can force the server to make HTTP requests to arbitrary internal addresses and retrieve response bodies via the actuator proxy to exfiltrate cloud credentials.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
CVSS Score: 7.7

Product Status

Vendor codecentric
Product spring-boot-admin
Versions Default: unaffected
  • affected from 0 to 4.1.2 (excl.)

Credits

  • George Chen finder

References

Problem Types

  • Server-Side Request Forgery (SSRF) CWE