CVE-2026-40980

Name of the Vulnerable Software and Affected Versions Spring AI versions 1.0.0 through 1.0.5 Spring AI versions 1.1.0 through 1.1.4

Description A malicious PDF file can be crafted to trigger the allocation of unreasonable amounts of memory when processed by the ForkPDFLayoutTextStripper() function, potentially leading to a denial of service.

Recommendations Update to version 1.0.6 for versions 1.0.0 through 1.0.5. Update to version 1.1.5 for versions 1.1.0 through 1.1.4. As a temporary workaround, consider restricting the use of the ForkPDFLayoutTextStripper() function until the update is applied.