CVE-2026-22742
- EPSS 0.06%
- Veröffentlicht 27.03.2026 05:27:41
- Zuletzt bearbeitet 10.05.2026 14:16:48
Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an att...
CVE-2026-22738
- EPSS 0.05%
- Veröffentlicht 27.03.2026 05:21:07
- Zuletzt bearbeitet 10.05.2026 14:16:48
In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and p...
CVE-2026-22729
- EPSS 0.03%
- Veröffentlicht 18.03.2026 07:39:56
- Zuletzt bearbeitet 01.04.2026 16:53:35
A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-controlled input passed to FilterExpressionBuilder is con...
CVE-2026-22730
- EPSS 0.02%
- Veröffentlicht 18.03.2026 07:36:30
- Zuletzt bearbeitet 01.04.2026 16:52:48
A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization.