6.1
CVE-2026-40979
- EPSS 0.02%
- Veröffentlicht 28.04.2026 07:31:21
- Zuletzt bearbeitet 29.04.2026 18:16:16
- Quelle security@vmware.com
- CVE-Watchlists
- Unerledigt
LoginIn Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.03 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@vmware.com | 6.1 | 1.8 | 4.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
|
CWE-377 Insecure Temporary File
Creating and using insecure temporary files can leave application and system data vulnerable to attack.