Spring AI 1.0.x < 1.0.6 / 1.1.x < 1.1.5 Multiple Vulnerabilities

The version of Spring AI installed on the remote host is 1.0.x prior to 1.0.6 or 1.1.x prior to 1.1.5. It is, therefore, affected by multiple vulnerabilities, including: - A SQL injection vulnerability in CosmosDBVectorStore allows attackers to execute arbitrary SQL queries via crafted document...

CVE-2026-40980

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

VMware Spring AI 资源管理错误漏洞

VMware Spring AI is a development framework by the American company VMware, which integrates artificial intelligence and large language model capabilities into the Spring ecosystem. Versions 1.0.0 to 1.0.5 and 1.1.0 to 1.1.4 of VMware Spring AI contain resource management vulnerabilities. These...