HIGH | APRIL 20, 2026 | CVE-2026-22753
If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the…
HIGH | APRIL 20, 2026 | CVE-2026-22754
If an application uses to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised…
MEDIUM | APRIL 17, 2026 | CVE-2026-22740
A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, temp files may remain not deleted after the request is fully processed. This allows an attacker to consume…
LOW | APRIL 17, 2026 | CVE-2026-22741
Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the…
MEDIUM | APRIL 17, 2026 | CVE-2026-22745
Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux…
HIGH | APRIL 09, 2026 | CVE-2026-22750
When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Affected Spring Products and Versions Spring…
HIGH | MARCH 26, 2026 | CVE-2026-22744
In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping characters…
CRITICAL | MARCH 26, 2026 | CVE-2026-22738
In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and…
HIGH | MARCH 26, 2026 | CVE-2026-22742
spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to…
HIGH | MARCH 26, 2026 | CVE-2026-22743
spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey…