Description
In Spring AI, having access to a shared environment can expose the ONNX model used by the application.

Affected versions:
Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
Published: 2026-04-28
Score: 6.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker who can access a shared environment to read or copy the ONNX model used by the application, exposing valuable intellectual property. It is a confidentiality issue aligned with CWE‑377, where improper configuration of shared resources enables data leakage.

Affected Systems

Spring AI versions 1.0.0 through 1.0.5 and 1.1.0 through 1.1.4 are impacted; the problem is fixed in 1.0.6 and 1.1.5.

Risk and Exploitability

The CVSS score of 6.1 indicates moderate severity. With no EPSS score available and the vulnerability not listed in CISA KEV, the attack likelihood hinges on the attacker’s ability to share the same environment. The most likely vector is local access or compromise of an application that shares the environment, allowing the attacker to read the model. Though it does not allow remote code execution, the exposure of the model can lead to intellectual‑property theft and potentially enable further attacks or reverse engineering.

Generated by OpenCVE AI on April 28, 2026 at 12:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Spring AI to version 1.0.6 or newer, or to 1.1.5 or newer, to apply the vendor fix.
  • Configure the application to run in an isolated environment where no other processes can access the shared environment, ensuring the ONNX model is not exposed to unintended entities.
  • Restrict file system permissions on the ONNX model so that only the executing application process can read it, preventing other users or processes from viewing the model data.

Generated by OpenCVE AI on April 28, 2026 at 12:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-r5hp-3cgj-j6xv Spring AI's ONNX model cache defaults to world-writable predictable /tmp directory
References
Link Providers
https://spring.io/security/cve-2026-40979 cve-icon cve-icon
History

Wed, 29 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Vmware
Vmware spring Ai
CPEs cpe:2.3:a:vmware:spring_ai:*:*:*:*:*:*:*:*
Vendors & Products Vmware
Vmware spring Ai

Wed, 29 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Spring
Spring spring
Vendors & Products Spring
Spring spring

Tue, 28 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 12:45:00 +0000

Type Values Removed Values Added
Title Exposure of ONNX Model via Shared Environment in Spring AI

Tue, 28 Apr 2026 09:15:00 +0000

Type Values Removed Values Added
Description In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
Weaknesses CWE-377
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N'}

Subscriptions

Spring Spring
Vmware Spring Ai
cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2026-04-28T12:33:07.977Z

Reserved: 2026-04-16T02:19:04.616Z

Link: CVE-2026-40979

cve-icon Vulnrichment

Updated: 2026-04-28T12:33:03.027Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-28T09:16:16.767

Modified: 2026-04-29T18:16:16.673

Link: CVE-2026-40979

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T10:00:09Z

Weaknesses