Medium severity6.5NVD Advisory· Published May 25, 2026· Updated Jun 1, 2026
CVE-2026-41863
CVE-2026-41863
Description
Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories.
Affected versions: Spring AI: 1.1.0 through 1.1.x
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >=1.1.0 <1.2.0
Patches
Vulnerability mechanics
References
1- spring.io/security/cve-2026-41863nvdVendor Advisory
News mentions
0No linked articles in our index yet.