HIGH | MARCH 26, 2026 | CVE-2026-22742
Description spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to…
CRITICAL | MARCH 26, 2026 | CVE-2026-22738
Description In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and…
HIGH | MARCH 26, 2026 | CVE-2026-22744
Description In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping characters…
HIGH | MARCH 26, 2026 | CVE-2026-22743
Description spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey…
MEDIUM | MARCH 23, 2026 | CVE-2026-22739
Description When substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, it was possible to access files outside of the configured search directories. In addition, when using a…
HIGH | MARCH 19, 2026 | CVE-2026-22731
Description Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path…
CRITICAL | MARCH 19, 2026 | CVE-2026-22732
Description When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written.
This can open up applications to various attacks including exposing sensitive data…
HIGH | MARCH 19, 2026 | CVE-2026-22733
Description Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. More precisely…
LOW | MARCH 19, 2026 | CVE-2026-22735
Description Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the…
MEDIUM | MARCH 19, 2026 | CVE-2026-22737
Description Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. The application must…