VYPR

Spring AI

by Spring Projects

CVEs (3)

  • CVE-2026-47835 | High | Jun 15, 2026
    risk 0.49 | cvss 8.6 | epss 0.00

    In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsearch-store, spring-ai-opensearch-store, spring-ai-gemfire-store. Affected…

  • CVE-2026-41863 | Medium | May 25, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions:…

  • CVE-2026-41712 | High | May 12, 2026
    risk 0.42 | cvss 7.5 | epss 0.00

    Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users.