6504 matches found
CVE-2026-40968 Spring gRPC SecurityContext leaks across requests on authorization failure
When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...
Time-of-check Time-of-use
Spring Security is vulnerable to a Time-of-check Time-of-use race condition. The vulnerability is due to a Time-of-Check Time-of-Use TOCTOU issue in JdbcOneTimeTokenService, where token validation and usage are not performed atomically, allowing attackers to reuse or race token consumption and...
CVE-2026-40970
A flaw was found in Spring Boot. When configured to use an SSL Secure Sockets Layer bundle, the Elasticsearch auto-configuration component does not perform hostname verification when establishing a connection to the Elasticsearch server. An attacker on an adjacent network could exploit this by...
com.thecookiezen:archiledger-core (>=0.0.4 <=0.0.5), io.github.massimilianopili:mcp-vector-tools (=0.3.1) +1 more potentially affected by CVE-2026-40979 via org.springframework.ai:spring-ai-transformers (>=1.1.0 <=1.1.4)
org.springframework.ai:spring-ai-transformers MAVEN version =1.1.0, =0.0.4, =1.1.0, =1.1.4 Source cves: CVE-2026-40979 Source advisory: OSV:GHSA-R5HP-3CGJ-J6XV...
org.springframework.ai:spring-ai-starter-vector-store-azure-cosmos-db (>=1.0.0 <=1.0.5) potentially affected by CVE-2026-40978 via org.springframework.ai:spring-ai-azure-cosmos-db-store (>=1.0.0 <=1.0.5)
org.springframework.ai:spring-ai-azure-cosmos-db-store MAVEN version =1.0.0, =1.0.0, =1.0.5 Source cves: CVE-2026-40978 Source advisory: OSV:GHSA-63C8-M9M2-CVR3...
GHSA-V6X6-PJXW-3PV2 Spring AI's VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration
In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input a...
ai.telosforge:kimaira-starter-etl (>=1.2.4 <=1.2.6), cn.echoparrot:echoparrot-application (=25.4.0) +12 more potentially affected by CVE-2026-40980 via org.springframework.ai:spring-ai-pdf-document-reader (>=1.1.0 <=1.1.2)
org.springframework.ai:spring-ai-pdf-document-reader MAVEN version =1.1.0, =1.2.4, =25.4.0, =1.1.0.0, =1.1.0.0, =1.1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =.30.0.rc5, =3.3.0.rc2, =3.3.0.rc2, =3.30.0.rc12 Source cves: CVE-2026-40980 Source advisory: OSV:GHSA-26GG-9GV2-V27J...
org.springframework.ai:spring-ai-starter-vector-store-azure-cosmos-db (>=1.1.0 <=1.1.4) potentially affected by CVE-2026-40978 via org.springframework.ai:spring-ai-azure-cosmos-db-store (>=1.1.0 <=1.1.4)
org.springframework.ai:spring-ai-azure-cosmos-db-store MAVEN version =1.1.0, =1.1.0, =1.1.4 Source cves: CVE-2026-40978 Source advisory: OSV:GHSA-63C8-M9M2-CVR3...
GHSA-R5HP-3CGJ-J6XV Spring AI's ONNX model cache defaults to world-writable predictable /tmp directory
In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...
GHSA-26GG-9GV2-V27J Spring AI Vulnerable to OOM by attacker-controlled PDF
In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...
com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-memory-long (>=1.1.0.0 <=1.1.2.2-retriever2), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (>=1.1.0.0 <=1.1.2.2-retriever2) +5 more potentially affected by CVE-2026-40966 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.1.0 <=1.1.4)
org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.1.0, =1.1.0.0, =1.1.0.0, =1.1.0.0, =0.0.6, =4.17.0, =4.17.0, =4.20.0 - org.vrspace:server =0.8.7 Source cves: CVE-2026-40966 Source advisory: OSV:GHSA-V6X6-PJXW-3PV2...
com.redis.om:redis-om-spring-ai (>=1.0.0 <=2.0.4), io.github.massimilianopili:mcp-embeddings-tools (>=0.0.1 <=0.1.0) +2 more potentially affected by CVE-2026-40979 via org.springframework.ai:spring-ai-transformers (>=1.0.0 <=1.0.5)
org.springframework.ai:spring-ai-transformers MAVEN version =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.5 Source cves: CVE-2026-40979 Source advisory: OSV:GHSA-R5HP-3CGJ-J6XV...
com.alibaba.cloud.ai:spring-ai-alibaba-starter-document-parser-apache-pdfbox (>=1.0.0.1 <=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-starter-document-parser-bibtex (>=1.0.0.1 <=1.0.0.4) +6 more potentially affected by CVE-2026-40980 via org.springframework.ai:spring-ai-pdf-document-reader (>=1.0.0 <=1.0.1)
org.springframework.ai:spring-ai-pdf-document-reader MAVEN version =1.0.0, =1.0.0.1, =1.0.0.1, =1.0.0.1, =1.0.0.4 - com.alibaba.cloud.ai:spring-ai-alibaba-studio-server-admin =1.0.0.4 - com.alibaba.cloud.ai:spring-ai-alibaba-studio-server-core =1.0.0.4 -...
Spring AI's VectorStoreChatMemoryAdvisor conversation scoping can lead to cross-tenant memory exfiltration
In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input a...
Spring AI's ONNX model cache defaults to world-writable predictable /tmp directory
In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...
GHSA-QC4J-QJQX-VR58 Spring AI has a VectorStore FilterExpression Converter injection
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...
ai.driftkit:driftkit-vector-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-vector-spring-ai-starter (>=0.6.0 <=0.8.7) +176 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-vector-store (>=1.0.0 <=1.0.5)
org.springframework.ai:spring-ai-vector-store MAVEN version =1.0.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0.1, =1.0.0.1, =1.0.0.3, =1.0.0.3, =1.0.0.1, =1.0.0.4 - com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-nacos-mcp-client =1.0.0.1 and more Source cves:...
ai.koog:koog-spring-ai-starter-vector-store (>=0.8.0 <=0.8.0-rc-1), ai.telosforge:kimaira-starter-agentic (>=1.2.4 <=1.2.6) +237 more potentially affected by CVE-2026-40967 via org.springframework.ai:spring-ai-vector-store (>=1.1.0 <=1.1.4)
org.springframework.ai:spring-ai-vector-store MAVEN version =1.1.0, =0.8.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =25.4.0, =1.21.2, =0.1.0, =0.3.0, =1.1.0.0, =1.1.0.0, =1.1.0.0, =1.1.2.2-retriever2 and more Source cves: CVE-2026-40967 Source advisory: OSV:GHSA-QC4J-QJQX-VR58...
Spring AI has a VectorStore FilterExpression Converter injection
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are not properly escaped, leading to the ability to alter the query. Affected versions: Spring AI: 1.0.0...
CVE-2026-40980
In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...