CVE-2026-41863 – LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API

CVE ID :CVE-2026-41863

Published : May 25, 2026, 5:45 a.m. | 2 hours, 12 minutes ago

Description :Spring AI’s support for Anthropic’s Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories.

Affected versions:
Spring AI: 1.1.0 through 1.1.x

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9434 – Totolink A8000RU Web Management cstecgi.cgi setWiFiWpsCfg os command injection

CVE-2026-9433 – Totolink A8000RU Web Management cstecgi.cgi setMacFilterRules os command injection

CVE-2026-2651 – Missing Authorization Validation in mlflow/mlflow

CVE-2026-9432 – Totolink A8000RU Web Management cstecgi.cgi setWiFiAdvancedCfg os command injection