Spring Product Security Update Advisory
Security updates have been released to address vulnerabilities in Spring products. the affected products are Spring Cloud Config and Spring AI. The vulnerabilities addressed in Spring Cloud Config are CVE-2026-40981, CVE-2026-40982, and CVE-2026-41002. CVE-2026-40981 is a privilege bypass vulnerability. CVE-2026-40982 is a Directory Path Manipulation vulnerability. CVE-2026-41002 is a TOCTOU
