Zero Day Monitor (ZDM) © 2026
CVE-2026-40979 (CVSS 6.1, PATCHED)
Vendor: spring · Product: spring ai

CVE-2026-40979: In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected version

Description

A vulnerability, classified as problematic, was found in VMware Spring AI up to 1.0.5/1.1.4. Affected by this vulnerability is the function TransformersEmbeddingModel of the component ONNX Model Handler. Manipulation leads to an insecure temporary file (the ONNX model the application uses can be exposed to other users of a shared environment). This vulnerability is uniquely identified as CVE-2026-40979. Local access is required for this attack.

Affected Products

Vendor: spring
Product: spring ai
Versions:
  • maven/org.springframework.ai:spring-ai-transformers: >= 1.0.0, < 1.0.6
  • maven/org.springframework.ai:spring-ai-transformers: >= 1.1.0, < 1.1.5

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor: maven
Product: org.springframework.ai:spring-ai-transformers
Source: GHSA
Confidence: 85%

References

  • https://spring.io/security/cve-2026-40979

Related News (2 articles)

  • Tier C · VulDB · 13d ago
    CVE-2026-40979 | VMware Spring AI up to 1.0.5/1.1.4 ONNX Model TransformersEmbeddingModel temp file
    → No new info (linked only)
  • Tier B · CERT-FR · 13d ago
    Multiple vulnerabilities in Spring (28 April 2026)
    → No new info (linked only)
CVSS 3.1: 6.1 MEDIUM
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
CISA KEV: No
Actively exploited: No
Patch available:
  • org.springframework.ai:spring-ai-transformers@1.0.6
  • org.springframework.ai:spring-ai-transformers@1.1.5
CWE: CWE-377
Published: Apr 28, 2026
Last enriched: 13d ago (v2)
Trending Score: 7
Source articles: 2
Independent: 2
Info Completeness: 9/14
Missing: epss, kev, exploit, iocs, mitre_attack

Related CVEs (5)

  • CRITICAL · CVE-2026-40982 · EXP · Trending: 75
    CVE-2026-40982: Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server
  • HIGH · CVE-2026-40981 · EXP · Trending: 40
    CVE-2026-40981: When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the co
  • HIGH · CVE-2026-41002 · EXP · Trending: 37
    CVE-2026-41002: The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git reposi
  • MEDIUM · CVE-2026-41004 · Trending: 22
    CVE-2026-41004: When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Sp
  • LOW · CVE-2026-22740 · EXP · Trending: 9
    Spring Framework DoS with Multipart Temp Files in WebFlux

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

  • CVE Published: Apr 28, 2026
  • Discovered by ZDM: Apr 28, 2026
  • Patch Available: Apr 28, 2026
  • Updated (description): Apr 28, 2026

Version History

Current version: v2 (last enriched 13d ago)

v2 · Tier C · 13d ago
  Updated vendor to VMware, added detailed description about the vulnerability, and clarified that no exploit exists.
  Field changed: description (via VulDB)

v1 · 13d ago
  Initial creation