Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories.
Affected versions: Spring AI: 1.1.0 through 1.1.x
{
"unresolved_ranges": [
{
"source": "AFFECTED_FIELD",
"extracted_events": [
{
"introduced": "1.1.0"
},
{
"last_affected": "1.1.x"
}
]
},
{
"source": "DESCRIPTION",
"extracted_events": [
{
"introduced": "Path.resolve"
},
{
"introduced": "1.1.0"
},
{
"fixed": "1.1.x"
}
]
}
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41863.json",
"cwe_ids": [
"CWE-22"
],
"cna_assigner": "vmware"
}