Primary

Context

Spring AI ONNX Model Exposure Vulnerability

Vulnerability

A vulnerability in Spring AI versions 1.0.0 through 1.0.5 and 1.1.0 through 1.1.4 allows exposure of the ONNX model used by the application. This issue arises when applications utilize the 'TransformersEmbeddingModel' with caching enabled, defaulting to a world-writable and predictable temporary directory. Access to a shared environment can further exacerbate the problem.

Impact

Exploitation of this vulnerability can lead to unauthorized access to the ONNX model, potentially allowing for misuse or manipulation of the model within the application.

Remediation

Users should upgrade to Spring AI version 1.0.6 or 1.1.5, depending on their current version. No additional mitigation steps are necessary.

Added: Apr 28, 2026, 9:35 AM

Updated: Apr 28, 2026, 9:35 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

2.9

remediation

0.0

relevance

6.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

2.9

remediation

0.0

relevance

6.9

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Spring AI ONNX Model Exposure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating