{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40979", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2026-04-16T02:19:04.616Z", "datePublished": "2026-04-28T07:31:21.447Z", "dateUpdated": "2026-04-28T12:33:07.977Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-04-28T07:31:21.447Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-377", "description": "CWE-377: Insecure Temporary File", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Shared environments can expose the ONNX model cache due to world-writable, predictable paths under /tmp; CVSS v3.1 indicates low confidentiality and high integrity impact."}]}], "affected": [{"vendor": "Spring", "product": "Spring AI", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.0.6", "versionType": "custom"}, {"status": "affected", "version": "1.1.0", "lessThan": "1.1.5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In Spring AI, having access to a shared environment can expose the ONNX model used by the application.\n\nAffected versions:\nSpring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)", "supportingMedia": [{"type": "text/html", "base64": false, "value": "In Spring AI, having access to a shared environment can expose the ONNX model used by the application.<br><br>Affected versions:<br>Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)"}]}], "references": [{"url": "https://spring.io/security/cve-2026-40979"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"}}], "source": {"discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-28T12:32:58.677891Z", "id": "CVE-2026-40979", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:33:07.977Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40979", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2026-04-16T02:19:04.616Z", "datePublished": "2026-04-28T07:31:21.447Z", "dateUpdated": "2026-04-28T12:33:07.977Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2026-04-28T07:31:21.447Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-377", "description": "CWE-377: Insecure Temporary File", "type": "CWE"}]}], "impacts": [{"descriptions": [{"lang": "en", "value": "Shared environments can expose the ONNX model cache due to world-writable, predictable paths under /tmp; CVSS v3.1 indicates low confidentiality and high integrity impact."}]}], "affected": [{"vendor": "Spring", "product": "Spring AI", "versions": [{"status": "affected", "version": "1.0.0", "lessThan": "1.0.6", "versionType": "custom"}, {"status": "affected", "version": "1.1.0", "lessThan": "1.1.5", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In Spring AI, having access to a shared environment can expose the ONNX model used by the application.\n\nAffected versions:\nSpring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)", "supportingMedia": [{"type": "text/html", "base64": false, "value": "In Spring AI, having access to a shared environment can expose the ONNX model used by the application.<br><br>Affected versions:<br>Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)"}]}], "references": [{"url": "https://spring.io/security/cve-2026-40979"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N"}}], "source": {"discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40979", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-28T12:32:58.677891Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:33:03.027Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In Spring AI, having access to a shared environment can expose the ONNX model used by the application.\n\nAffected versions:\nSpring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)"}], "id": "CVE-2026-40979", "lastModified": "2026-04-28T09:16:16.767", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2026-04-28T09:16:16.767", "references": [{"source": "security@vmware.com", "url": "https://spring.io/security/cve-2026-40979"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-377"}], "source": "security@vmware.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-28T12:20:30.551824+00:00", "value": {"mitigation_remediation": ["Upgrade Spring AI to version 1.0.6 or newer, or to 1.1.5 or newer, to apply the vendor fix.", "Configure the application to run in an isolated environment where no other processes can access the shared environment, ensuring the ONNX model is not exposed to unintended entities.", "Restrict file system permissions on the ONNX model so that only the executing application process can read it, preventing other users or processes from viewing the model data."], "summary": {"action": "Patch Now", "impact": "Sensitive model disclosure"}, "threat_synthesis": {"affected_systems": "Spring AI versions 1.0.0 through 1.0.5 and 1.1.0 through 1.1.4 are impacted; the problem is fixed in 1.0.6 and 1.1.5.", "description_and_impact": "The vulnerability allows an attacker who can access a shared environment to read or copy the ONNX model used by the application, exposing valuable intellectual property. It is a confidentiality issue aligned with CWE\u2011377, where improper configuration of shared resources enables data leakage.", "risk_and_exploitability": "The CVSS score of 6.1 indicates moderate severity. With no EPSS score available and the vulnerability not listed in CISA KEV, the attack likelihood hinges on the attacker\u2019s ability to share the same environment. The most likely vector is local access or compromise of an application that shares the environment, allowing the attacker to read the model. Though it does not allow remote code execution, the exposure of the model can lead to intellectual\u2011property theft and potentially enable further attacks or reverse engineering."}}}}, "created": "2026-04-28T12:30:31.057207+00:00", "title": "Exposure of ONNX Model via Shared Environment in Spring AI", "updated": "2026-04-28T12:30:31.057220+00:00", "vendors": []}