CVE-2026-45609
CVE-2026-45609 concerns the mcp-security component of Spring AI, where unvalidated URL fetching enables SSRF prior to version 0.1.9. The vulnerability affects installations with Dynamic Client Registration (DCR) enabled and involves processing untrusted URLs used for OAuth-related discovery and m...