CVE-2026-22742

HIGH

Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching

Title source: cna

Description

Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests to unintended internal or external destinations. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.

References (1)

https://spring.io/security/cve-2026-22742

Scores

CVSS v3 8.6

EPSS 0.0006

EPSS Percentile 18.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (4)

org.springframework.ai/spring-ai-bedrock-converse 1.0.0-M5 - 1.0.5Maven

Spring/Spring AI 1.0.0 - 1.0.5

Spring/Spring AI 1.1.0 - 1.1.4

vmware/spring_ai 1.0.0 - 1.0.5

Published Mar 27, 2026

Tracked Since Mar 27, 2026