Spring AI BedrockProxyChatModel SSRF Vulnerability (CVE-2026-22742)
Spring AI's spring-ai-bedrock-converse library is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied media URLs in multimodal messages, allowing attackers to trigger HTTP requests to internal or external destinations.
The vulnerability is in the BedrockProxyChatModel component of the spring-ai-bedrock-converse library and is reached while processing multimodal messages. Media URLs supplied by the user are not adequately validated before the server fetches them, so a malicious actor can inject an arbitrary URL and cause the server to make unintended HTTP…
Detection coverage (2 rules)
Detect Suspicious Outbound Connection from Spring AI (severity: medium)
Detects outbound network connections from the Spring AI application server to unusual or internal IP addresses, indicating potential SSRF exploitation. Baseline the server's legitimate egress first; media fetches to expected CDN hosts will otherwise generate noise.

Detect Multimodal Messages with Suspicious URL Patterns (severity: high)
Detects requests containing multimodal messages whose media URLs resemble common SSRF payloads: loopback, private-range or link-local addresses (including the cloud metadata endpoint), credentials embedded in the URL, or non-HTTP schemes.
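The following is an added example, not code from Spring AI or from this platform's rules. It shows, in Python, the two sides of the point above: a request-time validator for a user-supplied media URL (allowlist first, then scheme, credential, literal-address and resolved-address checks), and the same pattern-level checks replayed over request-log lines to find multimodal messages that carry SSRF-style URLs. The allowlist, the `media_urls` log field and the DNS answers are constructed assumptions for the demonstration.

```python
"""SSRF checks for user-supplied media URLs: a request-time validator and the
same checks replayed over request logs. Added example; not Spring AI code."""
import ipaddress
import json
import socket
from urllib.parse import urlsplit

# Constructed allowlist: hosts the application is expected to fetch media from.
ALLOWED_MEDIA_HOSTS = {"cdn.example.com", "images.example.com"}


def default_resolver(host):
    """Resolve a hostname to all of its A/AAAA addresses (live DNS)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public(ip):
    """True only for globally routable unicast addresses."""
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 must be judged as 127.0.0.1
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def suspicious_reason(url, resolver=default_resolver):
    """Pattern-level SSRF check with no allowlist (the detection view).
    Returns a short reason string, or None if nothing looks wrong."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "unparseable url"
    if parts.scheme not in ("http", "https"):
        return f"scheme {parts.scheme!r} not http(s)"
    if parts.username is not None or parts.password is not None:
        return "credentials embedded in url"  # catches http://trusted@evil/
    host = parts.hostname
    if not host:
        return "empty host"
    host = host.rstrip(".").lower()
    if host == "localhost" or host.endswith(".localhost"):
        return "loopback hostname"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:  # literal address: judge it without resolving
        return None if is_public(ip) else f"non-public address {ip}"
    try:
        addrs = resolver(host)
    except OSError:  # socket.gaierror is an OSError
        return f"host {host} does not resolve"
    for addr in addrs:  # check every record, not only the first
        if not is_public(ipaddress.ip_address(addr)):
            return f"{host} resolves to non-public address {addr}"
    return None


def check_media_url(url, resolver=default_resolver):
    """Request-time policy: pattern checks, then the allowlist.
    Returns None if the URL may be fetched, otherwise the rejection reason."""
    reason = suspicious_reason(url, resolver)
    if reason:
        return reason
    host = urlsplit(url).hostname.rstrip(".").lower()
    if host not in ALLOWED_MEDIA_HOSTS:
        return f"host {host} not in media allowlist"
    return None


def scan_request_log(lines, resolver=default_resolver):
    """Replay suspicious_reason over JSON request-log lines that record the
    media URLs of multimodal messages (constructed field names)."""
    alerts = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        for url in event.get("media_urls", []):
            reason = suspicious_reason(url, resolver)
            if reason:
                alerts.append((event.get("client"), url, reason))
    return alerts


# Constructed DNS answers so the example runs offline.
FAKE_DNS = {
    "cdn.example.com": ["93.184.216.34"],
    "other.example.net": ["93.184.216.34"],
    "rebind.attacker.test": ["93.184.216.34", "10.0.0.5"],
}


def fake_resolver(host):
    if host not in FAKE_DNS:
        raise socket.gaierror(f"constructed: no record for {host}")
    return FAKE_DNS[host]


# Constructed request-log lines: one benign fetch and three SSRF-style URLs.
SAMPLE_LOG = [
    '{"client": "198.51.100.7", "media_urls": ["https://cdn.example.com/cat.png"]}',
    '{"client": "198.51.100.8", "media_urls": ["http://169.254.169.254/latest/meta-data/"]}',
    '{"client": "198.51.100.9", "media_urls": ["http://[::ffff:127.0.0.1]:8080/admin", "file:///etc/passwd"]}',
    '{"client": "198.51.100.10", "media_urls": ["https://rebind.attacker.test/x.jpg"]}',
]

if __name__ == "__main__":
    for alert in scan_request_log(SAMPLE_LOG, fake_resolver):
        print(alert)
```

Resolving the host and judging every returned address closes the obvious gaps, but it is still a check at validation time: a host that answers with a public address now and a private one a moment later (DNS rebinding) gets past it. The durable fix is to pin the connection to the address that was validated, or to fetch media only through an egress proxy that enforces the same policy.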
Indicators of compromise: 1 (type: url)