CVE-2026-40983 | THREATINT

Description

In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition. Affected versions: Micrometer 1.16.0 through 1.16.5; 1.15.0 through 1.15.11.

PUBLISHED Reserved 2026-04-16 | Published 2026-06-09 | Updated 2026-06-09 | Assigner vmware

HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-400: Uncontrolled Resource Consumption

Product status

Default status

unaffected

1.16.0 (custom) before 1.16.6

affected

1.15.0 (custom) before 1.15.12

affected

References

spring.io/security/cve-2026-40983

cve.org (CVE-2026-40983)

nvd.nist.gov (CVE-2026-40983)

Download JSON