CVE-2026-22742 - Vulnerability Analysis
High | CVSS: 8.6 | Last Updated: March 30, 2026
Spring AI spring-ai-bedrock-converse - Server-Side Request Forgery
Overview
Spring AI spring-ai-bedrock-converse versions from 1.0.0 before 1.0.5 and from 1.1.0 before 1.1.4 contain a server-side request forgery (SSRF) vulnerability caused by insufficient validation of user-supplied media URLs in BedrockProxyChatModel. An attacker can induce the server to make HTTP requests to unintended destinations. Exploitation requires crafted multimodal messages that contain media URLs.
Impact
Attackers can make the server send HTTP requests to internal or external unintended destinations, potentially accessing sensitive internal resources or causing other impacts.
Mitigation
Upgrade to versions 1.0.5, 1.1.4 or later.
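To find builds that still need this upgrade, the following added example (not from the advisory or the Spring AI project) scans `mvn dependency:tree` output for the artifact and checks each version against the affected ranges stated above. The sample tree, the com.example module names and the status labels are constructed for illustration.

```python
import re

ARTIFACT = "spring-ai-bedrock-converse"
# Affected ranges as stated in the advisory: [1.0.0, 1.0.5) and [1.1.0, 1.1.4)
AFFECTED = [((1, 0, 0), (1, 0, 5)), ((1, 1, 0), (1, 1, 4))]

def classify(version):
    """Return 'affected', 'outside_range' or 'review' for a version string."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        # Qualified versions (-SNAPSHOT, milestones) are not addressed by the
        # advisory text, so they are left for a human to check.
        return "review"
    v = tuple(int(x) for x in m.groups())
    if any(lo <= v < hi for lo, hi in AFFECTED):
        return "affected"
    return "outside_range"

def scan(tree_output):
    """Return (version, status) for every occurrence of the artifact.

    Maven prints coordinates as group:artifact:type[:classifier]:version:scope,
    so the version is always the second-to-last field.
    """
    findings = []
    for line in tree_output.splitlines():
        for token in line.split():
            parts = token.split(":")
            if len(parts) >= 5 and parts[1] == ARTIFACT:
                findings.append((parts[-2], classify(parts[-2])))
    return findings

# Constructed sample of multi-module `mvn dependency:tree` output.
SAMPLE_TREE = """\
[INFO] com.example:chat-service:jar:0.1.0
[INFO] +- org.springframework.ai:spring-ai-bedrock-converse:jar:1.0.3:compile
[INFO] com.example:vision-service:jar:0.1.0
[INFO] +- org.springframework.ai:spring-ai-bedrock-converse:jar:1.1.4:compile
[INFO] com.example:batch-service:jar:0.1.0
[INFO] +- org.springframework.ai:spring-ai-bedrock-converse:jar:1.1.2-SNAPSHOT:compile
"""

if __name__ == "__main__":
    for version, status in scan(SAMPLE_TREE):
        print(f"{ARTIFACT} {version}: {status}")
```

Anything reported as affected should move to 1.0.5, 1.1.4 or later; entries marked review need a manual check because the advisory's ranges only name release versions.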
Social Media Activity (1 post)
CVE-2026-22742 - High (8.6) Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows ... https://www.thehackerwire.com/vulnerability/CVE-2026-22742/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-22742
- Severity: High
- CVSS Score: 8.6
- Type: server_side_request_forgery
- Status: unconfirmed
- EPSS: 3.1%
- Social Posts: 1
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N