Description
Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories.

Affected versions:
Spring AI: 1.1.0 through 1.1.x
Published: 2026-05-25
Score: 6.5 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Spring AI's support for Anthropic's Skills API uses LLM‑influenced filenames without sanitization in Path.resolve before the file is written to disk, which allows files to be written outside the intended target directory, including restricted directories. This directory traversal flaw permits an attacker to create or overwrite files beyond the intended scope, potentially affecting the integrity of the system.

Affected Systems

Affected: Spring AI, versions 1.1.0 through 1.1.x. The issue is present in all releases of Spring AI that include the Anthropic Skills API integration within that range.

Risk and Exploitability

The flaw carries a CVSS score of 6.5, indicating medium severity. EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog. The likely attack surface is remote; an attacker who can invoke the Anthropic Skills API endpoint could supply a crafted filename that causes the vulnerable Path.resolve logic to write the file outside the intended directory, allowing unauthorized creation or modification of files in locations beyond the intended scope.

Generated by OpenCVE AI on May 25, 2026 at 07:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Spring AI to a patched version released after 1.1.x.
  • If an upgrade is not feasible, restrict file writes to a verified safe directory and enforce strict path normalization checks.
  • Audit and monitor file creation events to detect unauthorized writes.

Generated by OpenCVE AI on May 25, 2026 at 07:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://spring.io/security/cve-2026-41863 cve-icon
History

Mon, 25 May 2026 06:45:00 +0000

Type Values Removed Values Added
Description Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0 through 1.1.x
Title LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2026-05-25T05:45:37.690Z

Reserved: 2026-04-22T06:22:10.082Z

Link: CVE-2026-41863

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-25T08:00:12Z

Weaknesses