https://feed.craftedsignal.io/tags/cve-2026-22742/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioFri, 27 Mar 2026 06:16:37 +0000https://feed.craftedsignal.io/briefs/2026-03-spring-ai-ssrf/Fri, 27 Mar 2026 06:16:37 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-spring-ai-ssrf/Spring AI's spring-ai-bedrock-converse library is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied media URLs in multimodal messages, allowing attackers to trigger HTTP requests to internal or external destinations.<p>A Server-Side Request Forgery (SSRF) vulnerability has been identified in the spring-ai-bedrock-converse library within Spring AI. The vulnerability resides in the BedrockProxyChatModel component and arises during the processing of multimodal messages. Specifically, when handling user-supplied media URLs, the application fails to adequately validate these URLs. This lack of validation allows a malicious actor to inject arbitrary URLs, potentially causing the server to make unintended HTTP…</p> highadvisoryssrfspring-aibedrockproxychatmodelcve-2026-22742