CVE-2026-40980

Summary

Spring AI Vulnerable to OOM by attacker-controlled PDF

Severity

medium

EPSS

0.2% (p15)

Also known as

GHSA-26gg-9gv2-v27j

Published

2026-04-28

References

• https://nvd.nist.gov/vuln/detail/CVE-2026-40980
• https://github.com/spring-projects/spring-ai
• https://spring.io/security/cve-2026-40980

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Summarize with AI

ChatGPTClaudePerplexity