ai.telosforge:kimaira-starter-agentic (>=1.2.4 <=1.2.6), ai.telosforge:kimaira-starter-agentic-factory (>=1.2.4 <=1.2.6) +168 more potentially affected by CVE-2026-22729 via org.springframework.ai:spring-ai-vector-store (>=1.1.0-M1 <=1.1.2)

org.springframework.ai:spring-ai-vector-store MAVEN version =1.1.0-M1, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =25.4.0, =1.21.2, =0.1.0, =0.3.0, =1.1.0.0, =1.1.0.0, =1.1.0.0, =1.1.0.0, =1.1.2.3 and more Source cves: CVE-2026-22729 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-15679673...

org.springframework.ai:spring-ai-mariadb-store-spring-boot-starter (>=1.0.0-M5 <=1.0.0-M6), org.springframework.ai:spring-ai-starter-vector-store-mariadb (>=1.0.0 <=1.0.3) potentially affected by CVE-2026-22730 via org.springframework.ai:spring-ai-mariadb-store (>=1.0.0-M5 <=1.0.3)

org.springframework.ai:spring-ai-mariadb-store MAVEN version =1.0.0-M5, =1.0.0-M5, =1.0.0, =1.0.3 Source cves: CVE-2026-22730 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-15679672...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the MariaDBFilterExpressionConverter, which allows attackers to bypass metadata-based access controls and execute SQL statements with malicious JSONVALUE input. Remediation Upgrade...

This Week in Spring - March 17th, 2026

Hi, Spring fans! Welcome to another rip-roaring installment of This Week in Spring , which I'm posting ahead of my keynote at the amazing JavaOne 2026 event here in sunny San Francisco, California! I love Piotr's latest post on using local AI models with LM Studio and Spring AI Did you see the ne...

org.springframework.ai:spring-ai-starter-vector-store-mariadb (>=1.1.0 <=1.1.2) potentially affected by CVE-2026-22730 via org.springframework.ai:spring-ai-mariadb-store (>=1.1.0-M1 <=1.1.2)

org.springframework.ai:spring-ai-mariadb-store MAVEN version =1.1.0-M1, =1.1.0, =1.1.2 Source cves: CVE-2026-22730 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-15679672...

PT-2026-25939

Name of the Vulnerable Software and Affected Versions Spring AI versions prior to 1.0.4 and 1.1.3 Description A JSONPath injection issue exists in Spring AI’s AbstractFilterExpressionConverter. Authenticated users can bypass metadata-based access controls by using crafted filter expressions...

PT-2026-25940

Name of the Vulnerable Software and Affected Versions Spring AI versions prior to 1.0.4 Spring AI versions prior to 1.1.3 Description A critical SQL injection flaw exists in Spring AI's MariaDBFilterExpressionConverter component. This issue allows attackers to bypass metadata-based access control...

This Week in Spring - March 10th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring. As I write this, I am preparing for a trip to Rust, Germany, for one of the best Java conferences in Europe: JavaLand, along with its new companion event, DevLand. It should be fun. Will you be around? If so, say hi. We have ...

EUVD-2026-10279

A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/gitee/SpringAIGiteeRestService.java of the component SpringAIGiteeRestController. Performing a manipulation of the argument apiUrl...

Bytedesk 代码问题漏洞

Bytedesk is a multi-channel intelligent customer service platform developed by the individual developers of bytedesk.com. Versions of Bytedesk 1.3.9 and earlier contained code vulnerabilities. These vulnerabilities stemmed from incorrect handling of the parameter apiUrl in the file...

CVE-2026-3789

CVE-2026-3789 affects Bytedesk up to version 1.3.9, specifically the getModels function in SpringAIGiteeRestService.java within SpringAIGiteeRestController. The vulnerability arises from manipulating the apiUrl argument, leading to server-side request forgery and remote exploitation. An exploit i...

CVE-2026-3788 Bytedesk SpringAIOpenrouterRestController SpringAIOpenrouterRestService.java getModels server-side request forgery

A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springai/providers/openrouter/SpringAIOpenrouterRestService.java of the component SpringAIOpenrouterRestController. Such manipulation of th...

This Week in Spring - March 3rd, 2026

Hi Spring fans! Welcome to another rip-roaring installment of This Week in Spring! I'm writing this in an Uber en route to the airport to get to awsome Atlanta, GA, for Devnexus 2026! Who's goin'? You goin'? We - the Spring team - will be there in force! Come say hi at the boothes or come see our...

A Bootiful Podcast - John Willis, author of 'Rebels of Reason'

Hi Spring fans! In this installment I sit down with DevOps legend and industry analyst extraordinaire John Willis and talk about his new book Rebels of Reason: The Long Road from Aristotle to ChatGPT and AI's Heroes Who Kept the Faith , and talk about the nature of the ecosystem, AI, the role of...

This Week in Spring - February 24th, 2026

Hi, Spring fans! Welcome to another awesome and oh-so-agentic week in Spring! We've got a ton to look into, and I've got even more to prepare for next week's DevNexus event in Atlanta, GA, so let's dive right into it! Be sure to say "hi" if you're going to be there, though! You've heard of Agent...

A Bootiful Podcast: Glenn Renfro on Java and Spring community legend and my friend - on Devnexus and more

Hi, Spring fans! In this installment I talk to the amazing Glenn Renfro about Spring Batch, Spring Integration, Spring AI, and much more — plus why you should definitely register to attend the amazing Devnexus event in Atlanta, GA!...

This Week in Spring - February 3rd, 2026

Hi, Spring fans! This week I'm in northern Europe. I went on the Vaadin cruise from Finland to Sweden, gave a talk on a boat, then arrived in Stockholm in time for the amazing JFokus 2026 event where I had the privilege yesterday of doing a deep dive with my pal James Ward on Spring AI and agenti...

Spring AI Agentic Patterns (Part 5): Building Interoperable Agents with the Agent2Agent (A2A) Protocol

The Agent2Agent A2A Protocol is an open standard for seamless AI agent communication. It enables agents to discover capabilities, exchange messages, and coordinate workflows across platforms—regardless of their implementation. Spring AI A2A integrates the A2A Java SDK with Spring AI through Sprin...

Anthropic Agent Skills Support in Spring AI

In this blog, we show how using Spring AI, we can integrate with Anthropic's Native Skills API for Cloud-Based Document Generation and Custom Skills. Spring AI adds support for Anthropic's Agent Skills — modular capabilities that let Claude generate actual files rather than text descriptions. Wit...

This Week in Spring - January 20th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's already the 20th of January and we are off on yet another rip roarin' adventure as we look at the week that has been... this week in Spring! even more good stuff from Spring AI team legend Christian Tsolov, this one on...