PatchSiren

CVE-2026-41863 Spring CVE debrief

Spring AI versions 1.1.0 through 1.1.x contain a path traversal vulnerability in their Anthropic Skills API integration. The application uses LLM-influenced filenames without sanitization when calling Path.resolve() before writing files to disk, allowing authenticated attackers to write files outside the intended target directory. This could enable writing to restricted system directories, potentially leading to configuration tampering or code execution depending on application context. The vulnerability requires network access and low-privileged authentication but has no user interaction requirement. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) indicates medium severity with high impact to integrity. VMware/Spring has published an official security advisory. No known exploitation in ransomware campaigns has been reported.

Vendor: Spring
Product: Spring AI
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-25
Original CVE updated: 2026-05-26
Advisory published: 2026-05-25
Advisory updated: 2026-05-26

Who should care

Organizations running Spring AI 1.1.0-1.1.x with Anthropic Skills API integration; development teams building LLM-integrated applications with file system operations; security teams monitoring supply chain risks in AI/ML frameworks

Technical summary

The vulnerability exists in Spring AI's integration with Anthropic's Skills API, where filenames generated or influenced by LLM responses are passed unsanitized to Path.resolve(). This allows path traversal sequences (e.g., ../) to escape the intended target directory. The flaw is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory). Attackers with low-privileged network access can achieve high integrity impact by writing arbitrary files to restricted locations. The vulnerability does not affect confidentiality or availability per the CVSS vector.

Defensive priority

medium

Recommended defensive actions

  • Upgrade Spring AI to a version newer than 1.1.x when available, or apply vendor-provided patches
  • Implement strict input validation and sanitization for all LLM-influenced filenames before Path.resolve() operations
  • Use chroot jails or container filesystem restrictions to limit writeable directories
  • Enable application-level path canonicalization and verify resolved paths remain within intended base directories
  • Review file write permissions and apply principle of least privilege to application service accounts
  • Monitor for anomalous file system activity in application directories and parent paths
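The canonicalize-and-verify check recommended above, shown beside the unsanitized resolve() pattern. This is an added example, not Spring AI code or the vendor's patch; the class name, method names and sample filenames are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;

public class ContainedWriteDemo {

    // Pattern the debrief describes: the name goes straight into resolve().
    static Path unsafeResolve(Path baseDir, String name) {
        return baseDir.resolve(name);
    }

    // Hardened form: normalize, then require the result to sit below the base.
    static Path safeResolve(Path baseDir, String name) throws IOException {
        Path base = baseDir.toRealPath();                 // canonical base directory
        Path candidate = base.resolve(name).normalize();  // collapses "../" segments
        // Path.startsWith compares whole path elements, so a sibling such as
        // "<base>-other" does not pass the way a String prefix check would.
        if (candidate.equals(base) || !candidate.startsWith(base)) {
            throw new SecurityException("filename escapes target directory: " + name);
        }
        return candidate;
    }

    static Path writeContained(Path baseDir, String name, byte[] data) throws IOException {
        Path target = safeResolve(baseDir, name);
        Files.createDirectories(target.getParent());
        // Re-check the real parent: normalize() does not resolve symlinks inside the base.
        if (!target.getParent().toRealPath().startsWith(baseDir.toRealPath())) {
            throw new SecurityException("parent directory resolves outside base: " + name);
        }
        // CREATE_NEW refuses to overwrite an existing file.
        return Files.write(target, data, StandardOpenOption.CREATE_NEW);
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("skills-out");
        // Constructed sample filenames standing in for LLM-influenced values.
        String[] names = { "report.txt", "sub/notes.md", "../outside.txt", "a/../../b.txt" };
        for (String n : names) {
            try {
                System.out.println("accepted " + writeContained(base, n, new byte[] {1}));
            } catch (SecurityException e) {
                System.out.println("rejected " + n + " (unsafe resolve -> "
                        + unsafeResolve(base, n).normalize() + ")");
            }
        }
    }
}
```

The first two names are written under the temporary base directory; the last two are rejected, and the printed unsafe path shows where an unchecked resolve() would have pointed.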

Evidence notes

Vulnerability confirmed through the official Spring security advisory. CWE-22 (Path Traversal) classification from vendor. Affected version range explicitly stated as 1.1.0 through 1.1.x. CVSS 3.1 score 6.5 (MEDIUM) with integrity impact rated HIGH.

Official resources

2026-05-25