By vendor

Springaicommunity vulnerabilities

Known CVEs affecting Springaicommunity products, prioritized by severity, with SEC.co remediation and detection guidance.

1 published vulnerability

  • CVE-2026-45609HIGH 7.2

    mcp-security, a Spring AI component that manages security and authorization for the Model Context Protocol, contains a Server-Side Request Forgery (SSRF) vulnerability in versions before 0.1.9. When Dynamic Client Registration is enabled, the framework processes OAuth discovery and metadata URLs without properly validating them, allowing an attacker to redirect requests to internal network resources or malicious endpoints. This could lead to information disclosure or unauthorized actions on systems the application can reach.