LOW | APRIL 17, 2026 | CVE-2026-22741
Description Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the…
MEDIUM | APRIL 17, 2026 | CVE-2026-22745
Description Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux…
MEDIUM | APRIL 17, 2026 | CVE-2026-22740
Description A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain undeleted after the request is fully processed. This allows an attacker to consume…
HIGH | APRIL 09, 2026 | CVE-2026-22750
Description When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Affected Spring Products and Versions Spring…
CRITICAL | MARCH 26, 2026 | CVE-2026-22738
Description In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and…
HIGH | MARCH 26, 2026 | CVE-2026-22744
Description In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping characters…
HIGH | MARCH 26, 2026 | CVE-2026-22742
Description spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to…
HIGH | MARCH 26, 2026 | CVE-2026-22743
Description spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey…
MEDIUM | MARCH 23, 2026 | CVE-2026-22739
Description When substituting the profile parameter from a request made to the Spring Cloud Config Server configured to the native file system as a backend, it was possible to access files outside of the configured search directories. In addition, when using a…
HIGH | MARCH 19, 2026 | CVE-2026-22731
Description Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path…