Spring Cloud Config and Spring AI Flaws Expose Systems to RCE and SSRF
The Canadian Centre for Cyber Security issued advisory AV26-288 warning that multiple vulnerabilities disclosed by Spring affect Spring Cloud Config and Spring AI, including server-side request forgery (SSRF), unintended file access, query injection, and a SpEL injection that can lead to remote code execution (RCE). The notice says the issues were disclosed by Spring between March 23 and 26 and urged organizations to review the vendor advisories and assess exposure in affected deployments.
Affected versions include Spring Cloud Config releases prior to 3.1.3, 4.1.9, 4.2.6, 4.3.2, and 5.0.2, along with Spring AI versions prior to 1.0.5 and 1.1.4. The Cyber Centre advised administrators and users to apply the relevant updates to reduce the risk of exploitation against exposed services and vulnerable application environments.
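To turn the version list above into a repeatable exposure check, here is an added Python example; it is not part of the Cyber Centre advisory or of any Spring tooling. It classifies an installed Spring Cloud Config or Spring AI version against the fixed releases the notice names. Assumptions made for this example: version strings look like `X.Y.Z` with an optional Maven-style qualifier, any qualifier other than `RELEASE` is treated as a pre-release (a simplification of Maven's ordering), an older release branch with no fixed release of its own (for example 4.0.x) is treated as affected because every such release is prior to a fixed version, and the product keys `spring-cloud-config` and `spring-ai`, the function names and the sample inventory are all the example's own constructions.

```python
import re

# Fixed releases named in the advisory summary above, one per release branch.
# Anything below its branch's fix, or on an older branch with no fix, is
# "prior to" a fixed version and is therefore treated as affected.
FIXED_VERSIONS = {
    "spring-cloud-config": ("3.1.3", "4.1.9", "4.2.6", "4.3.2", "5.0.2"),
    "spring-ai": ("1.0.5", "1.1.4"),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]([0-9A-Za-z][0-9A-Za-z.-]*))?$")


def parse_version(text):
    """Turn '4.2.6', '4.2.6-SNAPSHOT' or '3.1.3.RELEASE' into a sortable tuple.

    The fourth element is 1 for a final release and 0 for any pre-release
    qualifier (SNAPSHOT, M1, RC2, ...), so 4.2.6-SNAPSHOT sorts below 4.2.6.
    Treating every qualifier other than RELEASE as a pre-release is a
    simplification of Maven's ordering rules (assumption made for this example).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    qualifier = m.group(4)
    is_release = 1 if qualifier is None or qualifier.upper() == "RELEASE" else 0
    return (major, minor, patch, is_release)


def _fix_for_branch(product, branch):
    """Return the fixed version on the same (major, minor) branch, if one exists."""
    for fixed in FIXED_VERSIONS[product]:
        if parse_version(fixed)[:2] == branch:
            return fixed
    return None


def assess(product, version):
    """Classify one installed version against the fixed releases.

    Returns a dict with:
      status - 'fixed', 'vulnerable' or 'newer-than-listed'
      fix    - the fixed version on the same branch, or the nearest later fixed
               release when the installed branch has no fix of its own
      reason - a short human-readable explanation
    """
    installed = parse_version(version)
    branch = installed[:2]
    fix = _fix_for_branch(product, branch)
    newest_fix = max(FIXED_VERSIONS[product], key=parse_version)

    if fix is not None:
        if installed >= parse_version(fix):
            return {"status": "fixed", "fix": fix,
                    "reason": f"{version} is at or above {fix} on its branch"}
        return {"status": "vulnerable", "fix": fix,
                "reason": f"{version} is prior to {fix} on the {branch[0]}.{branch[1]}.x branch"}

    if branch > parse_version(newest_fix)[:2]:
        # A release line newer than every listed fix is not "prior to" a fixed
        # version; flag it separately so it is still confirmed against the vendor advisory.
        return {"status": "newer-than-listed", "fix": newest_fix,
                "reason": f"{version} is on a branch newer than the newest listed fix {newest_fix}"}

    # Older branch with no fix of its own (e.g. 4.0.x): every such release is prior
    # to a fixed version, so treat it as affected and point at the nearest fixed branch.
    target = min((f for f in FIXED_VERSIONS[product] if parse_version(f)[:2] > branch),
                 key=parse_version)
    return {"status": "vulnerable", "fix": target,
            "reason": f"no fixed release on the {branch[0]}.{branch[1]}.x branch; move to {target} or later"}


def report(inventory):
    """Apply assess() to (service, product, version) records and return one line per record."""
    lines = []
    for service, product, version in inventory:
        r = assess(product, version)
        lines.append(f"{service:<20} {product:<20} {version:<16} {r['status']:<18} -> {r['fix']}")
    return lines


# Constructed sample inventory (not real systems) chosen to show each outcome.
SAMPLE_INVENTORY = [
    ("config-server-prod", "spring-cloud-config", "4.2.5"),
    ("config-server-dev", "spring-cloud-config", "4.3.2-SNAPSHOT"),
    ("config-server-new", "spring-cloud-config", "5.0.2"),
    ("legacy-config", "spring-cloud-config", "4.0.4"),
    ("rag-service", "spring-ai", "1.1.4"),
    ("rag-service-old", "spring-ai", "1.0.3"),
]

if __name__ == "__main__":
    for line in report(SAMPLE_INVENTORY):
        print(line)
```

In practice the version strings come from your build's dependency report or from the running service's actuator/info output rather than a hand-written list; the point of the branch-aware comparison is that a `4.3.2-SNAPSHOT` or a `4.0.x` build both read as "prior to" a fix even though a naive string comparison against the newest release would not flag them.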

How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Canadian Centre for Cyber Security issues advisory AV26-288
On March 26, 2026, the Canadian Centre for Cyber Security published advisory AV26-288 summarizing the Spring vulnerabilities and urging users and administrators to review the vendor advisories and apply updates.
Fixed versions released for affected Spring products
Spring made patched versions available for the affected products, including Spring Cloud Config 3.1.3, 4.1.9, 4.2.6, 4.3.2, and 5.0.2, as well as Spring AI 1.0.5 and 1.1.4.
Spring discloses multiple vulnerabilities in Spring Cloud Config and Spring AI
Between March 23 and March 26, 2026, Spring disclosed multiple vulnerabilities affecting Spring Cloud Config and Spring AI, including SSRF, unintended file access, query injection, and a SpEL injection that could lead to remote code execution.
Technical details published for CVE-2026-22730 in Spring AI MariaDB Vector Store
On 2026-03-19, a security blog published details about CVE-2026-22730, describing a SQL injection vulnerability affecting Spring AI's MariaDB Vector Store component. This predates Spring's broader March 23-26 vulnerability disclosures already captured in the timeline.