{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22742", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2026-01-09T06:54:49.675Z", "datePublished": "2026-03-27T05:27:41.165Z", "dateUpdated": "2026-03-27T05:27:41.165Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-03-27T05:27:41.165Z"}, "title": "Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching", "affected": [{"vendor": "Spring", "product": "Spring AI", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.0.5", "versionType": "custom"}, {"status": "affected", "version": "1.1.0", "lessThan": "1.1.4", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Spring AI's spring-ai-bedrock-converse\u00a0contains a Server-Side Request Forgery (SSRF) vulnerability in\u00a0BedrockProxyChatModel\u00a0when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests to unintended internal or external destinations.\nThis issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<code>Spring AI's spring-ai-bedrock-converse</code>&nbsp;contains a Server-Side Request Forgery (SSRF) vulnerability in&nbsp;<code>BedrockProxyChatModel</code>&nbsp;when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests to unintended internal or external destinations.<br><p>This issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4.</p>"}]}], "references": [{"url": "https://spring.io/security/cve-2026-22742"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseSeverity": "HIGH", "baseScore": 8.6, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Spring AI's spring-ai-bedrock-converse\u00a0contains a Server-Side Request Forgery (SSRF) vulnerability in\u00a0BedrockProxyChatModel\u00a0when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests to unintended internal or external destinations.\nThis issue affects Spring AI: from 1.0.0 before 1.0.5, from 1.1.0 before 1.1.4."}], "id": "CVE-2026-22742", "lastModified": "2026-03-27T06:16:37.833", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2026-03-27T06:16:37.833", "references": [{"source": "security@vmware.com", "url": "https://spring.io/security/cve-2026-22742"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Received"}

{}

{"analysis": {"en": {"generated_at": "2026-03-27T07:21:38.697552+00:00", "value": {"mitigation_remediation": ["Apply the official patch by upgrading spring\u2011ai\u2011bedrock\u2011converse to version 1.0.5 or newer.", "If upgrading is not possible, disable multimodal media processing to stop user\u2011supplied URL handling.", "Restrict outbound HTTP requests from the application to trusted destinations only.", "Monitor application logs for unexpected outbound traffic indicating potential misuse."], "summary": {"action": "Immediate Patch", "impact": "Server\u2011Side Request Forgery potentially enabling internal network exposure"}, "threat_synthesis": {"affected_systems": "This vulnerability affects Spring AI\u2019s spring\u2011ai\u2011bedrock\u2011converse from version 1.0.0 up to but not including 1.0.5, and from 1.1.0 up to but not including 1.1.4.", "description_and_impact": "Spring AI's spring\u2011ai\u2011bedrock\u2011converse contains a Server\u2011Side Request Forgery flaw in the BedrockProxyChatModel when handling multimodal messages that include user\u2011supplied media URLs. The lack of URL validation allows an attacker to compel the server to perform HTTP requests to arbitrary internal or external endpoints, permitting the theft of sensitive data, lateral movement within the network, or other malicious actions that compromise confidentiality and integrity.", "risk_and_exploitability": "With a CVSS score of 8.6 the flaw is classified as high severity. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. The SSRF can be triggered remotely by any client that can reach the API, making the exploit feasible against exposed deployments without additional prerequisites."}}}}, "created": "2026-03-27T09:22:10.286971+00:00", "updated": "2026-03-27T09:22:10.287018+00:00", "vendors": [], "weaknesses": ["CWE-918"]}