Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery (SSRF) vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests to unintended internal or external destinations. This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.
{
"cna_assigner": "vmware",
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.0.5"
},
{
"introduced": "1.1.0"
},
{
"fixed": "1.1.4"
}
]
},
{
"source": "DESCRIPTION",
"extracted_events": [
{
"introduced": "1.0.0"
},
{
"fixed": "1.0.5"
},
{
"introduced": "1.1.0"
},
{
"fixed": "1.1.4"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/22xxx/CVE-2026-22742.json"
}