{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-22742/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["ssrf","spring-ai","bedrockproxychatmodel","cve-2026-22742"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA Server-Side Request Forgery (SSRF) vulnerability has been identified in the spring-ai-bedrock-converse library within Spring AI. The vulnerability resides in the BedrockProxyChatModel component and arises during the processing of multimodal messages. Specifically, when handling user-supplied media URLs, the application fails to adequately validate these URLs. This lack of validation allows a malicious actor to inject arbitrary URLs, potentially causing the server to make unintended HTTP…\u003c/p\u003e\n","date_modified":"2026-03-27T06:16:37Z","date_published":"2026-03-27T06:16:37Z","id":"/briefs/2026-03-spring-ai-ssrf/","summary":"Spring AI's spring-ai-bedrock-converse library is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied media URLs in multimodal messages, allowing attackers to trigger HTTP requests to internal or external destinations.","title":"Spring AI BedrockProxyChatModel SSRF Vulnerability (CVE-2026-22742)","url":"https://feed.craftedsignal.io/briefs/2026-03-spring-ai-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-22742","version":"https://jsonfeed.org/version/1.1"}