Spring AI 1.1.x Path Traversal via Unsanitized LLM-Filename
CVE-2026-41863 Published on May 25, 2026
LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API
Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories.
Affected versions:
Spring AI: 1.1.0 through 1.1.x
Vulnerability Analysis
CVE-2026-41863 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Weakness Type
What is a Directory traversal Vulnerability?
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVE-2026-41863 has been classified to as a Directory traversal vulnerability or weakness.
Products Associated with CVE-2026-41863
Want to know whenever a new CVE is published for VMware Spring Framework? stack.watch will email you.
Affected Versions
Spring AI:- Version 1.1.0, <= 1.1.x is affected.