VMware Spring AI

14 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-41713
>= 1.0.0 and < 1.0.7
A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way.
8.2 HIGH
CVE-2026-41712
>= 1.0.0 and < 1.0.7
Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended
7.5 HIGH
CVE-2026-41705
>= 1.0.0 and < 1.0.7
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document
8.6 HIGH
CVE-2026-40980
>= 1.0.0 and < 1.0.6
In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `
6.5 MEDIUM
CVE-2026-40979
>= 1.0.0 and < 1.0.6
In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring
6.1 MEDIUM
CVE-2026-40978
>= 1.0.0 and < 1.0.6
SQL injection vulnerability in Spring AI's CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted doc
8.8 HIGH
CVE-2026-40966
>= 1.0.0 and < 1.0.6
In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, in
5.9 MEDIUM
CVE-2026-40967
>= 1.0.0 and < 1.0.6
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific v
8.6 HIGH
CVE-2026-22744
>= 1.0.0 and < 1.0.5
In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG
7.5 HIGH
CVE-2026-22743
>= 1.0.0 and < 1.0.5
Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a use
7.5 HIGH
CVE-2026-22742
>= 1.0.0 and < 1.0.5
Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel whe
8.6 HIGH
CVE-2026-22738
>= 1.0.0 and < 1.0.5
In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expressi
9.8 CRITICAL
CVE-2026-22730
>= 1.0.0 and < 1.0.4
A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based a
8.8 HIGH
CVE-2026-22729
>= 1.0.0 and < 1.0.4
A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-
8.6 HIGH
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin