HIGH | APRIL 20, 2026 | CVE-2026-22754
Description If an application uses to define the servlet path for computing a path matcher, then the servlet path is not included and the related authorization rules are not exercised…
HIGH | APRIL 20, 2026 | CVE-2026-22753
Description If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter chain may fail and its related security components will not be exercised as intended by the…
MEDIUM | APRIL 17, 2026 | CVE-2026-22740
Description A WebFlux server application that processes multipart requests creates temp files for parts larger than 10 K. Under some circumstances, those temp files may not be deleted after the request is fully processed. This allows an attacker to consume…
LOW | APRIL 17, 2026 | CVE-2026-22741
Description Spring MVC and WebFlux applications are vulnerable to cache poisoning when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux the…
MEDIUM | APRIL 17, 2026 | CVE-2026-22745
Description Spring MVC and WebFlux applications are vulnerable to Denial of Service attacks when resolving static resources. More precisely, an application can be vulnerable when all the following are true: the application is using Spring MVC or Spring WebFlux…
HIGH | APRIL 09, 2026 | CVE-2026-22750
Description When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Affected Spring Products and Versions Spring…
HIGH | MARCH 26, 2026 | CVE-2026-22744
Description In RedisFilterExpressionConverter of spring-ai-redis-store, when a user-controlled string is passed as a filter value for a TAG field, stringValue() inserts the value directly into the @field:{VALUE} RediSearch TAG block without escaping characters…
HIGH | MARCH 26, 2026 | CVE-2026-22743
Description spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey…
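The two entries above (CVE-2026-22744 and CVE-2026-22743) share a root cause: a user-controlled string is spliced verbatim into a query built by string concatenation, once in the value position of a RediSearch TAG clause and once in the key position of a Cypher filter. The snippet below is an added example, not code from Spring AI or any of its stores: it reproduces the unsafe shape of the Redis case, then shows the two defenses a converter needs, an allowlist for the key (field name) position and backslash escaping for the value position. The function names, the field allowlist, and the exact set of characters treated as RediSearch TAG separators are assumptions for illustration; check the escaping rules against the documentation of the RediSearch version you deploy.

```python
"""Filter-to-query construction: vulnerable shape next to a hardened one.

Added example; not Spring AI's RedisFilterExpressionConverter or
Neo4jVectorFilterExpressionConverter. Names and the allowlist are assumed.
"""
import re

# Assumption: punctuation and whitespace that RediSearch treats as token
# separators or query syntax inside a TAG clause. Each must be escaped with a
# backslash so it is matched literally instead of ending the clause.
_TAG_SPECIAL = re.compile(r'([,.<>{}\[\]"\':;!@#$%^&*()\-+=~|\\\s])')

# Assumption: the only metadata fields a caller may filter on. Keys from the
# caller are checked against this instead of being spliced into the query.
ALLOWED_FIELDS = frozenset({"tenant", "category", "language"})


def build_tag_filter_unsafe(field: str, value: str) -> str:
    """The pattern the advisory describes: value inserted verbatim.

    A value such as 'public} | @tenant:{acme' closes the clause early and
    appends a second clause the caller never intended.
    """
    return f"@{field}:{{{value}}}"


def escape_tag_value(value: str) -> str:
    """Backslash-escape every separator/syntax character in a TAG value."""
    return _TAG_SPECIAL.sub(r"\\\1", value)


def build_tag_filter(field: str, value: str,
                     allowed_fields: frozenset = ALLOWED_FIELDS) -> str:
    """Hardened builder: allowlisted key, escaped value.

    The key check is the same defense the Cypher case needs: a field name
    that is an identifier in the query language must come from a fixed set,
    never from the request.
    """
    if field not in allowed_fields:
        raise ValueError(f"unknown filter field: {field!r}")
    return f"@{field}:{{{escape_tag_value(value)}}}"


def demo() -> dict:
    """Constructed malicious input, returned both ways for comparison."""
    hostile_value = "public} | @tenant:{acme"
    return {
        "unsafe": build_tag_filter_unsafe("tenant", hostile_value),
        "escaped": build_tag_filter("tenant", hostile_value),
    }


if __name__ == "__main__":
    for label, query in demo().items():
        print(f"{label:8s} {query}")
```

In the unsafe output the injected `| @tenant:{acme}` widens the search to a second tenant; in the escaped output every `}`, `|`, `@`, `:` and `{` is preceded by a backslash, so the whole string is matched as one literal tag and the filter stays scoped to the clause the application wrote. Passing an unexpected key raises before any query text is assembled.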
CRITICAL | MARCH 26, 2026 | CVE-2026-22738
Description In Spring AI, a SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A malicious actor could exploit this to execute arbitrary code. Only applications that use SimpleVectorStore and…
HIGH | MARCH 26, 2026 | CVE-2026-22742
Description spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to…
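The entry above describes the classic SSRF precondition: a URL supplied by the user is fetched by the server with insufficient validation. The code below is an added example, not code from spring-ai-bedrock-converse or BedrockProxyChatModel, and shows the check a practitioner would want in front of any server-side media fetch: scheme allowlist, host allowlist, rejection of embedded credentials, and rejection of IP literals that are not globally routable (loopback, private ranges, and the link-local metadata address 169.254.169.254). The allowlist contents and function names are assumptions for illustration.

```python
"""Allowlist validation for user-supplied media URLs before a server-side fetch.

Added example; not the project's own validation. Allowlist values are assumed.
"""
import ipaddress
from urllib.parse import urlsplit

# Assumption: only TLS fetches from these hosts are acceptable.
ALLOWED_SCHEMES = frozenset({"https"})
ALLOWED_HOSTS = frozenset({"media.example.com", "cdn.example.com"})


def _is_non_global_ip_literal(host: str) -> bool:
    """True if host is an IP literal outside the global unicast space.

    Covers loopback, RFC 1918, link-local (including 169.254.169.254, the
    cloud metadata endpoint) and similar ranges for both IPv4 and IPv6.
    Hostnames that are not IP literals return False here; they are handled
    by the host allowlist.
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not ip.is_global


def validate_media_url(url: str,
                       allowed_hosts: frozenset = ALLOWED_HOSTS) -> bool:
    """Return True only for URLs the server may fetch on a user's behalf."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False  # blocks http://, file://, gopher://, etc.
    if parts.username is not None or parts.password is not None:
        return False  # "https://trusted-host@evil.example/" style confusion
    host = parts.hostname  # lower-cased, brackets stripped for IPv6 literals
    if not host:
        return False
    if _is_non_global_ip_literal(host):
        return False
    return host in allowed_hosts


def classify(urls: list) -> dict:
    """Constructed sample inputs, mapped to the validator's verdict."""
    return {u: validate_media_url(u) for u in urls}


if __name__ == "__main__":
    samples = [
        "https://media.example.com/cat.png",
        "http://media.example.com/cat.png",
        "https://169.254.169.254/latest/meta-data/",
        "https://[::1]/admin",
        "https://media.example.com@evil.example/cat.png",
        "file:///etc/passwd",
    ]
    for url, ok in classify(samples).items():
        print(f"{'allow' if ok else 'deny ':5s} {url}")
```

A host allowlist alone is not sufficient when the allowed name can be pointed at an internal address: resolve the host once, apply the same non-global check to every resolved address, and make the HTTP client connect to that pinned address with redirects disabled, so neither DNS rebinding nor a 3xx to an internal target can bypass the check performed here.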