{"data":{"id":"423f62ba-9a1e-4925-bc01-92f835e41372","title":"CVE-2026-40979: In Spring AI, having access to a shared environment can expose the ONNX model used by the application.","summary":"CVE-2026-40979 is a security flaw in Spring AI (a framework for building AI applications) where someone with access to a shared computing environment can find and view the ONNX model (a type of machine learning model file) that the application uses. The CVSS vector rates the integrity impact as high and the confidentiality impact as low, and the weakness is classified as CWE-377 (insecure temporary file), which suggests the model file may also be open to modification by other local users, not only to viewing. This vulnerability affects Spring AI versions 1.0.0 through 1.0.5 and 1.1.0 through 1.1.4.","solution":"Fixed in Spring AI version 1.0.6 and version 1.1.5.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-40979","publishedAt":"2026-04-28T09:16:16.767Z","cveId":"CVE-2026-40979","cweIds":["CWE-377"],"cvssScore":"6.1","cvssSeverity":"medium","severity":"medium","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Spring AI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N","attackVector":"local","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-28T09:16:16.767Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"model","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}