CVE-2026-41863
- EPSS 0.4%
- Veröffentlicht 25.05.2026 05:45:37
- Zuletzt bearbeitet 01.06.2026 14:22:15
Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted direct...
CVE-2026-41713
- EPSS 0.22%
- Veröffentlicht 12.05.2026 10:17:39
- Zuletzt bearbeitet 12.05.2026 19:25:06
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior ...
CVE-2026-41712
- EPSS 0.26%
- Veröffentlicht 12.05.2026 10:17:36
- Zuletzt bearbeitet 12.05.2026 19:26:04
Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users.
CVE-2026-41705
- EPSS 0.35%
- Veröffentlicht 09.05.2026 01:16:08
- Zuletzt bearbeitet 12.05.2026 19:26:43
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected f...
CVE-2026-40980
- EPSS 0.24%
- Veröffentlicht 28.04.2026 07:31:24
- Zuletzt bearbeitet 29.04.2026 18:15:44
In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `ForkPDFLayoutTextStripper`. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5...
CVE-2026-40979
- EPSS 0.11%
- Veröffentlicht 28.04.2026 07:31:21
- Zuletzt bearbeitet 29.04.2026 18:16:16
In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
CVE-2026-40978
- EPSS 0.34%
- Veröffentlicht 28.04.2026 07:18:53
- Zuletzt bearbeitet 29.04.2026 18:16:36
SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
CVE-2026-40966
- EPSS 0.23%
- Veröffentlicht 28.04.2026 06:42:36
- Zuletzt bearbeitet 29.04.2026 18:18:01
In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreC...
CVE-2026-40967
- EPSS 0.39%
- Veröffentlicht 28.04.2026 06:03:51
- Zuletzt bearbeitet 29.04.2026 19:04:59
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter...
CVE-2026-22744
- EPSS 0.25%
- Veröffentlicht 27.03.2026 05:38:59
- Zuletzt bearbeitet 02.06.2026 17:16:27
In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping characters.T...