CVE-2026-22718

Summary

The VSCode extension for Spring CLI are vulnerable to command injection, resulting in command execution on the users machine.

Affected Software

VendorProductVersion RangeStatus
SpringCLI VSCode Extension0.9.0 and olderaffected

Weaknesses

  • CWE-78: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References