Lucene search
K

6 matches found

NVD
NVD
added 2026/05/25 7:16 a.m.22 views

CVE-2026-41863

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...

6.5CVSS0.00398EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/25 5:45 a.m.7 views

CVE-2026-41863 LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...

6.5CVSS5.8AI score0.00398EPSS
Exploits0References1
CVE
CVE
added 2026/05/25 5:45 a.m.25 views

CVE-2026-41863

Technical details about the vulnerability (affected component specifics, root cause, exploit scenarios, and remediation) are not provided in the supplied documents. Monitor for updates from Spring.io security advisories.

6.5CVSS5.8AI score0.00398EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/25 5:45 a.m.11 views

CVE-2026-41863

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...

6.5CVSS5.8AI score0.00398EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/25 5:45 a.m.14 views

EUVD-2026-31638

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...

6.5CVSS5.8AI score0.00398EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/25 5:45 a.m.40 views

CVE-2026-41863 LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API

Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0...

6.5CVSS0.00398EPSS
Exploits0References1
Rows per page
Query Builder