Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 13 Jul 2026 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Codecentric
Codecentric spring Boot Admin |
|
| Vendors & Products |
Codecentric
Codecentric spring Boot Admin |
Mon, 13 Jul 2026 21:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Spring Boot Admin Server before 4.1.2 contains a server-side request forgery vulnerability that allows unauthenticated attackers to register instances with attacker-controlled healthUrl and managementUrl parameters without validation against private IP ranges or metadata endpoints. Attackers can force the server to make HTTP requests to arbitrary internal addresses and retrieve response bodies via the actuator proxy to exfiltrate cloud credentials. | |
| Title | Spring Boot Admin Server < 4.1.2 SSRF via Unauthenticated Instance Registration | |
| Weaknesses | CWE-918 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-14T12:08:54.642Z
Reserved: 2026-07-13T16:41:09.007Z
Link: CVE-2026-62242
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-14T13:15:10Z